Hello, I've got the same problem.
The ransomware was ran on our server and although was ran (probably) under one of limited user accounts, it still encrypted the database of one of information system we use. (Unfortunely whoever use this infosystem, needs to have R/W access to the files and raw database of the infosystem) The problem is I haven't got up-to-date backups (shame on me).
The server has Remote Desktop (Terminal Services) and it was used by the attack, I believe the password must have been guessed using bruteforce.
Naming example is "desktop.ini.[firstname.lastname@example.org].dharma". The ransomware README.txt AND README.jpg is also to be found. I have some original files before encryption available for analysis, etc.
I found the file called "Skanda 23.exe" and I believe that is the main ransomware program file. It is accually a SFX archive, that contains files Ripoff.Acm , qiblas.dll and System.dll (in a subfolder).
I tried to ran the Kaspersky tool mentioned here, but with no luck.
I can offer you my full assistance while solving this problem, I can't say I see any other option now. Thank you for your work in advance.