ISHTAR Ransomware

What is ISHTAR Ransomware?

ISHTAR Ransomware is a malicious infection that will enter your system surreptitiously. The program has been created to help its creators get rich at your expense. Therefore, no matter what these crooks may ask of you, you should not succumb to their demands. Even though this infection may seem like your worst nightmare, there is always a way out of this situation as long as you look for it. In this article, we will tell you how to remove ISHTAR Ransomware for good. We will also take a closer look at the distribution and execution of this malicious infection, hoping it will shed more light on the phenomena.

Where does ISHTAR Ransomware come from?

We decided to make use of the word “phenomena” because ransomware has been the rage ever since a few years ago. It is arguably the most common malicious infection you will encounter nowadays, and ISHTAR Ransomware simply adds up to the pile.

It also employs the most common method of distribution used by these types of infections. ISHTAR Ransomware travels around in spam email attachments. Spam emails are those annoying commercial and other random messages you get every single day. Usually, you do not even see most of them because they go straight to your Junk folder. However, the spam that carries ISHTAR Ransomware is a little bit different. It is very good at masquerading as legitimate notifications.

So the malicious file that installs this ransomware on target systems will try to pass for an MS Office Word file. Its icon will look like a. docx file, and an unsuspecting user will not think twice before opening it. Unfortunately, the moment you open this attachment, ISHTAR Ransomware will be installed on your system.

What does ISHTAR Ransomware do?

As you can probably tell, this malicious program encrypts user’s files. When it unleashes its payload, the program creates a new file in the %APPDATA% directory. It is an executable file, and that file allows the infection to scan your computer, looking for compatible file extensions. It means that only particular files will be affected by the ransomware. As usually, the infection will not touch your system files because it still needs your PC to work properly. But it will surely encrypt the files found in the %USERPROFILE% directory.

ISHTAR Ransomware will use the AES encryption to affect your files. The bytes that compose your files will be scrambled and your system will no longer be able to read them. That “scrambling” is locked with the key that, in turn, gets encrypted with an RSA encryption algorithm. This way, the hackers make sure that no one except them, would know the decryption key.

Once the files are encrypted, the infection will add a prefix to them all. This prefix actually gives the name to this program. For example, if you had a fish.jpg file on your computer, after the encryption it the title will look like ISHTAR-fish.jpg. Also, after the encryption, the program will create two files, leaving them on your Desktop, and in the %APPDATA% directory. That will be README-ISHTAR.txt and ISHTAR.DATA. The text file will contain the ransom note in Russian and English, while the data file will have the time of encryption, unique ID, the RSA public key, and the number of encrypted files.

How do I remove ISHTAR Ransomware?

The ransom note will tell you to contact the criminals via Bitmessage, but you definitely know better than that. In fact, there is no guarantee that the people behind this infection would issue the decryption tool once you transfer the money.

Right now, you should take a look at your backup drive and see if you have all of your file copies there. If you do, you need to remove ISHTAR Ransomware from your system. This program does not kill itself after the encryption, so all the healthy files can get encrypted again.

If you do not want to delete this infection manually, invest in a reliable antispyware tool that will do this for you automatically. At the same time, you will also protect your system against similar intruders that might barge into your PC in the future. Make the best decisions to ensure your computer’s safety.

Manual ISHTAR Ransomware Removal

1. Press Win+R and the Run prompt will open.
2. Type %AppData% into the Open box. Click OK.
3. Remove the winishtr.exe file (the name might be random).
4. In the same directory, find the README-ISHTAR.txt and ISHTAR.DATA files.
5. Delete the files and go to your Desktop.
6. Delete the same files and press Win+R.
7. Type regedit. Click OK. Go to HKEY_CURRENT_USER\Software.
8. Delete the Ishtr 1.0 key under the Software key.
9. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
10. Right-click and delete the value that points to the malware file on the right pane.

Download Removal Tool100% FREE spyware scan and
tested removal of ISHTAR Ransomware*