AES-NI ransomware on windows server 2008

Go to http://idransomware.malwarehunterteam.com and upload a copy of one encrypted file and/or the ransom note file. If there's currently a known decrypt app, that will tell you where to get it. If there's no decrypt app, you'll have to restore your files from backup.

I guess you could try malwarebytes and see if it kills the encryptor. Then do some extensive testing to see if your forest is corrupted...

It is very poor practice to try and clean a critical server like that, but you can try...

How can you be sure it didn't add other malware?

It probably at a minimum killed your sysvol and group policies.
So was this just a domain controller or were you doing other things with it too?

I know my system has 4 domain controllers, across 2 main sites and 4 satellites. None of the domain controllers do anything else, and 2 are virtualized. They DO NOT talk to the outside world except the primary which can reach outside to keep the clock synced. And they are all backed up daily. They don't even get updates from outside, but from an internal WSUS server.

AD is a very critical element and once it breaks bad, you have to start over without good backups.

I also agree with the virtualization recommendation... It is a bit expensive to dedicate a server to just a domain controller, but a virtual server is fairly cheap to do... You can host several virts on a reasonable chassis...

Sufficient advice given

I had problems with this ransomware, and I managed to recover some files with a help of  ShadowExplorer and this guide. But all recovered files are very old :(