A file-encrypting ransomware we are calling LowLevel04 is currently being spread that encrypts your data using AES encryption and then demands a 4 Bitcoin ransom to get your files back. This variant was first spotted in October 2015 and it appears that it is being spread by targeted Remote Desktop or Terminal Services hacks. At this time the only way to recover your files is from a backup, by trying Shadow Volume Copies, or by paying the ransom. It is believed that this ransomware is part of an affiliate based family that commonly changes the emails associated with the ransom notes.
Source: https://www.bleepingcomputer.com/news/security/help-recover-files-txt-ransomware-installed-by-targeted-terminal-services-attacks/