Yes passwords can sometimes be construed from a user name. As an example I have a username of JSmith , and since I am human and forgetful and the admin said to make my password complex using numbers and special characters, I chose JSmith123! < That is a common occurrence.
For more on this look at:
Passwords - Skull Security < loads of lists with bad choices.
What’s My Pass? » The Top 500 Worst Passwords of All Time < The top 500
As for your situation, it appears as if someone is trying to bruteforce their way (or may have already done so) into your network.
My advice if you don't know what you are doing, in regards to penetration testing and digital forensics, it would be best to find a consultant in your area to help you out.
You would probably want to take your network down in order to isolate the issue, fix, patch, update and or remove it.
Having said that though there are many variables that come into play, such as what did happen, (an actual breech or only attempted ones, full network compromise) Costs both perceived and real, in terms of account info, productivity time lost etc.
Also understand that if you are wanting to do some sort of investigation for potential criminal proceedings, then you or anyone else (that are not qualified forensics experts) messing around on the network at this point could invalidate any evidence in a court of law.
I could go on, but some of our other experts will likely chime in to offer more information.