Seems like it has only touched these folders. The ransomware .txt file is in all subdirectories from there.
In the "appdata-backup" folder, there is only the .txt and no ".want_to_cry" file extension, so they seem unharmed.
To my eyes it looks like it has only really encrypted my media files.
My host path for qbittorrent(which was acting up) is /mnt/user/data/torrents/, so if I understand correctly, it should not be able to affect the other folder in /mnt/user/data?
The only client with direct access is my desktop which had a clean install of windows last week and have no files affected. The other clients who connects goes only to plex server.