12-28-2016, 06:47 PM
|
#1
|
LQ Newbie
Registered: Oct 2016
Posts: 3
Rep: 
|
root filled w/ 0 byte files very fast
Warning panel popped to say root directory is almost full. Checked log files to find files opened in /dev at a specific time somehow automatically. There is a group of encrypted files newly created also near the same time, some of which are gigabytes large. Opened as administrator only to find gibberish, but lots of it.
It appears something is producing these files very rapidly. A first line of defence would be to delete these files. So a command using the creation date and time as a filtering aspect might get things under control.
Then finding what is producing the files would be a big help also. Wouldn't know where to begin with either of these ideas.
Any help would be greatly appreciated. Thanks for reading this.
|
|
|
12-28-2016, 10:34 PM
|
#2
|
Member
Registered: Jan 2009
Location: Maryland-Pennsylvania border, USA
Distribution: openSUSE 15.2/15.3, Tumbleweed, Kubuntu 18.04/21.04, macOS 10.15, antiX 19, and Linux Mint 19.3
Posts: 860
Rep: 
|
What distro and version are you on?
How old is your hard disk?
What do you know about your security situation?
|
|
|
12-29-2016, 03:27 AM
|
#3
|
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
|
See the find -ctime switch
|
|
|
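The time-window filter asked about in the first post, as an added example that is not part of the thread. `find -ctime` counts in whole 24-hour periods and Linux ctime is the inode change time rather than a true creation time, so this sketch uses GNU find's `-newerct` with explicit timestamps instead; the function names and the sample timestamp are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU find (-printf, -newerct).

# busiest_minutes DIR: count files per minute of inode change time (ctime),
# busiest first, to locate the moment a burst of files appeared.
busiest_minutes() {
    find "$1" -xdev -type f -printf '%CY-%Cm-%Cd %CH:%CM\n' 2>/dev/null |
        sort | uniq -c | sort -rn | head -n 10
}

# files_changed_between DIR START END [empty]
# List regular files with START < ctime <= END; with "empty", only 0-byte files.
# START/END are timestamps such as "2016-12-28 14:00" (hypothetical values).
files_changed_between() {
    dir=$1 start=$2 end=$3 mode=${4:-all}
    # -xdev keeps find on DIR's own filesystem (skips /proc, /sys, other mounts).
    set -- "$dir" -xdev -type f
    if [ "$mode" = empty ]; then
        set -- "$@" -size 0
    fi
    find "$@" -newerct "$start" ! -newerct "$end" -print 2>/dev/null
}
```

Read the list first; once it contains only the unwanted files, the same `find` expression with `-delete` in place of `-print` removes them.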
01-02-2017, 05:11 PM
|
#4
|
LQ Newbie
Registered: Oct 2016
Posts: 3
Original Poster
Rep: 
|
Been gone from this post for a few days. Sorry about that. I got to digging into the problem, and here's what I came up with:
Somehow, of which is still unknown to me, ecryptfs-utils got downloaded and halfway installed in my system. When it does this a shitload of files are created. There is a "migration" script to be run, which copies the entire home folder to these newly encrypted files, creating an encrypted home folder. After proper inspection and determining success of the migration of files, the original home folder is deleted leaving only the encrypted version. It is in this transitional process that there are so many files in the system. Once it's done, all is normal again.
Problem: I don't want the encrypting system in my main Linux Mint 17.3 system. I'd rather set up a VM and install ecryptfs there so I can play with it without risking the main system.
Question: How do I delete all these new files and return to normal? I've been searching around for the solution for a couple of days and am still unresolved.
Thanks for reading this.
Last edited by geckobub; 01-02-2017 at 05:15 PM.
|
|
|
01-10-2017, 09:17 PM
|
#5
|
LQ Newbie
Registered: Oct 2016
Posts: 3
Original Poster
Rep: 
|
ecryptfs invasion update
Update for the ecryptfs invasion. I did find a page which provided seemingly pertinent instructions on how to remove the ecrypt system from the home directory. I followed these instructions as explicitly as I could ascertain and the entire home folder was deleted along with the ecrypt system.
Unfortunately, I did not have a current enough backup without the ecrypt system to enjoy an easy restore of the home folder. Hence, I cut my losses and did the thing I was planning on for several months: upgrade to 18.1. Much of the home folder was retrievable (in pieces) and the upgrade went reasonably smoothly.
However, the issue of ecryptfs getting into my system without any assistance from me is still an unanswered question.
Security: firewall per default settings. Other than this, no other active hardening of the system. As a reminder, this was Linux Mint Mate 17.3 with 3.19 kernel.
Other than this, I have nothing else to report. I still have the ecrypt backup files and could investigate various logs and whatever, but I am not experienced enough to know where to look nor what to look for. If anyone would like to point the way to find out more about this invasion, I'm willing to do the digging if someone with experience does the pointing to where I should dig.
Thanks again.
|
|
|
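One place to start the digging asked about in the last post, as an added example that is not part of the thread: on Debian-family systems such as Mint, dpkg and apt record every package action, so the logs show when a package arrived and which command pulled it in. The function names, the default paths `/var/log/dpkg.log` and `/var/log/apt/history.log`, and the sample log content (placeholder versions, a made-up `sample-frontend` package) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): trace how a package arrived.

# pkg_events PATTERN [LOG]: dpkg actions and half-installed states for PATTERN.
# dpkg.log line layout: DATE TIME ACTION PACKAGE OLD-VERSION NEW-VERSION
pkg_events() {
    awk -v pat="$1" '
        $3 ~ /^(install|upgrade|remove|purge)$/ && $4 ~ pat { print $1, $2, $3, $4, $6 }
        $3 == "status" && $4 == "half-installed" && $5 ~ pat { print $1, $2, $4, $5, $6 }
    ' "${2:-/var/log/dpkg.log}"
}

# apt_requests PATTERN [LOG]: for each apt transaction that installed a match,
# print start time, command line, and whether the package came in as a
# dependency ("automatic") or was named on the command line ("explicit").
apt_requests() {
    awk -v pat="$1" '
        /^Start-Date:/  { start = $2 " " $3; cmd = "(none recorded)" }
        /^Commandline:/ { cmd = substr($0, 14) }
        /^Install:/ {
            n = split(substr($0, 10), pkgs, /\), /)
            for (i = 1; i <= n; i++)
                if (pkgs[i] ~ pat)
                    print start " | " cmd " | " ((pkgs[i] ~ /automatic/) ? "automatic" : "explicit")
        }
    ' "${2:-/var/log/apt/history.log}"
}

# write_samples DIR: constructed sample logs so the functions can be tried offline.
write_samples() {
    cat > "$1/dpkg.log" <<'EOF'
2016-12-27 14:02:11 install libecryptfs0:amd64 <none> 0.0-sample
2016-12-27 14:02:11 install ecryptfs-utils:amd64 <none> 0.0-sample
2016-12-27 14:02:12 status half-installed ecryptfs-utils:amd64 0.0-sample
2016-12-27 14:02:13 status installed ecryptfs-utils:amd64 0.0-sample
EOF
    cat > "$1/history.log" <<'EOF'

Start-Date: 2016-12-27  14:02:05
Commandline: apt-get install sample-frontend
Install: sample-frontend:amd64 (0.0-sample), ecryptfs-utils:amd64 (0.0-sample, automatic), libecryptfs0:amd64 (0.0-sample, automatic)
End-Date: 2016-12-27  14:02:14
EOF
}
```

On a real system, run `pkg_events '^ecryptfs-utils'` and `apt_requests '^ecryptfs-utils'` with no log argument; older entries sit in the rotated copies (`dpkg.log.1`, `history.log.1.gz` and so on), which need decompressing first.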
All times are GMT -5.