Files encrypted by TeslaCrypt (.aaa extension) ransomware

My HP laptop has Windows 8.1 installed.  Yesterday when I turned it on my screen alternately flashed between my desktop and a blue screen.  I contacted HP and they had me do a Windows refresh.  This took me back to Windows 8.  I then installed all updates and then upgraded to Windows 8.1 and installed all updates.  Now all the files in My Documents folder have had an .aaa extension appended after the original name and extension.  I am not able to open or use them.  Word, Excel, etc. cannot recognize them.  What caused this and can I restore them to a useable state? 

Moved from Windows

Original title: Files with .aaa Extension

Answer

Now all the files in My Documents folder have had an .aaa extension appended after the original name and extension.
----------
I was hit with CryptoWall 3.0 ... [with] a file(s) left ... on my desktop ... labeled RESTORE_FILES.BMP.

----------

FWIW - for the OP and anyone else reading this thread:

Back in August 2015 the OP solved their problem (by other means) so this revised info may come up a bit late for them, but based on the original information provided then (.aaa extension appended to original filenames plus the name of the ransomware's ransom notes = RESTORE_FILES [or restore_files_[xxxxxx] (where 'xxxxx' are 3 to 5 random letters) as indicated by another poster in this same thread]), I just wanted to point out that this infection wasn't really caused by CryptoWall 3.0 but rather by TeslaCrypt 2.0 disguised as CryptoWall 3.0.

I'd suspect people here might have been confused by the included ransom note starting with: "All your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0."...

TeslaCrypt 2.0 disguised as CryptoWall 3.0

To add confusion to victims seeking assistance was exactly the intention of the malware's authors back in July 2015 when they released their version 2 using an HTML page instead of a GUI. This new HTML page was copied from CryptoWall.

Also the page that opened when a victim followed one of the links provided therein was identical to the CryptoWall payment page, except for the URLs which would lead to a TeslaCrypt server – the authors of the malware were certainly not going to let their rivals get their victims’ money.

For additional details please see: TeslaCrypt 2.0 disguised as CryptoWall 3.0.

Moreover, CryptoWall 3.0 did not append any extensions to the original filenames it encrypted, and the names of their ransom notes were: HELP_DECRYPT.HTML, HELP_DECRYPT.PNG, HELP_DECRYPT.TXT, and HELP_DECRYPT.URL.

The .aaa variant of TeslaCrypt that was first released in July 2015 (v2.0.4b - then improved in early August with v2.0.5a), pretending to be CryptoWall, was basically the same as their prior .xyz and .zzz variants, and so their encrypted files were NOT decryptable [1-2] at that time (see more in this related thread), unless victims had logged their key in the network request sent to the server at the time of encryption.

Hope this clarifies.

===============

[1] By November 2015 these specific variants were cracked, and by late December 2015 a final solution was found (Thanks to BloodDolly Security Colleague at bleepingcomputer.com) and hence victims of any variants of TeslaCrypt v2+ (ONLY) may now be able to decrypt their files for free.

See: TeslaCrypt V2 Decrypted: Flaw in TeslaCrypt allows Victims to Recover their Files

[2] Unfortunately, at this time the above 'good news' only benefits victims of Tesla's variants up to v2.2.
Files encrypted by any new variants (.xxx, .ttt, or .micro extensions) of the newest and latest TeslaCrypt V3.0 (first released by the crooks on January 12, 2016) are not yet (but hopefully soon will be) decryptable. These variants use a different protection/key exchange algorithm and the key for them cannot (yet) be recovered.
See: TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions

===============

Lenovo ThinkCentre A55-8705/Windows XP Home Edition SP3/.NET3.5SP1/IE8/MSEv4.4.
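
The distinction drawn in the answer above, as an added triage example (not part of the original post and not code from any decryption tool): it classifies a folder listing by appended extension and ransom-note file name, and flags the case where the note text claims CryptoWall while the file evidence points to TeslaCrypt. The function name `triage`, the result keys and the sample file names are assumptions made for illustration; the recoverability values only mirror the post's footnotes as of its writing.

```python
import re
from collections import Counter
from pathlib import PurePath

# Indicators named in the answer above; statuses are as stated in that post.
TESLA_CRACKED = {".aaa", ".xyz", ".zzz"}   # footnote [1]: these variants were cracked
TESLA_V3 = {".xxx", ".ttt", ".micro"}      # footnote [2]: not decryptable at the time
CRYPTOWALL_NOTE = re.compile(r"^HELP_DECRYPT\.(HTML|PNG|TXT|URL)$", re.I)
TESLA_NOTE = re.compile(r"^RESTORE_FILES(_[a-z]{3,5})?\.\w+$", re.I)


def triage(names, note_text=""):
    """Classify a file listing; note_text is the ransom note's wording, if known."""
    ext_hits, notes = Counter(), Counter()
    for name in names:
        p = PurePath(name)
        if CRYPTOWALL_NOTE.match(p.name):
            notes["cryptowall"] += 1
        elif TESLA_NOTE.match(p.name):
            notes["teslacrypt"] += 1
        # An appended extension follows the original one: report.docx.aaa
        elif len(p.suffixes) >= 2 and p.suffix.lower() in TESLA_CRACKED | TESLA_V3:
            ext_hits[p.suffix.lower()] += 1
    cracked = sum(n for e, n in ext_hits.items() if e in TESLA_CRACKED)
    v3 = sum(n for e, n in ext_hits.items() if e in TESLA_V3)
    if v3:
        family, recoverable = "TeslaCrypt 3.0", False
    elif cracked:
        family, recoverable = "TeslaCrypt (pre-3.0 variant)", True
    elif notes["teslacrypt"]:
        family, recoverable = "TeslaCrypt (variant unknown)", None
    elif notes["cryptowall"]:
        family, recoverable = "CryptoWall 3.0", None  # status not stated in the post
    else:
        family, recoverable = "unknown", None
    # The note wording alone is not trusted: TeslaCrypt 2.0 copied CryptoWall's text.
    disguised = family.startswith("TeslaCrypt") and "cryptowall" in note_text.lower()
    return {"family": family, "recoverable": recoverable, "disguised": disguised,
            "extensions": dict(ext_hits), "notes": dict(notes)}


if __name__ == "__main__":
    # Constructed sample listing resembling the situation described in the thread.
    sample = ["report.docx.aaa", "Budget 2015.xlsx.aaa", "RESTORE_FILES.BMP", "notes.aaa"]
    note = "All your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0."
    print(triage(sample, note))
```

A file such as `notes.aaa`, with no original extension in front of `.aaa`, is deliberately not counted as encrypted.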


Question Info


Last updated December 30, 2022 Views 14,851 Applies to: