Good afternoon. We are located in Kazakhstan, Aktobe. In our organization there was an encryption of files 06/06/2017. This computer was granted access to RDP. Through this protocol, encryption was carried out. The files have the extension of the form [firstname.lastname@example.org] .blocking. The requirements of extortionists and several files I attach. If necessary, I can provide any files and reports. Ransomware is BTCWare. Thank you in advance.
attached avacrypt.rar - password Qwer123$ - exe file of ransomware
!#_RESTORE_FILES_#!.inf - Demands of extortionists
"Files" folder - Original and encrypted files
all archive password - Qwer123$