Severity scale:  
  (99/100)

Ishtar ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

What is known about Ishtar ransomware?

Ishtar ransomware virus seems to be created by a Russian-speaking cybercriminal or a gang because it addresses the victim in the Russian language. This malware example belongs to ransomware category and users should be aware that it is extremely important to defend the PC from such viruses in advance because the damage that ransom-demanding viruses do can hardly be reversed. Ishtar virus encrypts records (photos, videos, documents, music files) with military-grade encryption (combination of AES-256 and RSA-2048) and, differently than other ransomware parasites, does not add certain file extensions to them– it adds an ISHTAR- prefix to every file it encrypts. Once ransomware applies the encryption to a file, it can no longer be opened or edited and becomes useless. Ishtar ransomware then creates and saves README-ISHTAR.TXT on the desktop and also in each folder that holds encrypted data.

Ishtar ransom note

The ransom note is a message from cyber criminals, and it informs the victim about the only possible data recovery method – ransom payment. It also warns not to delete ISHTAR.DATA file, which is stored in %APPDATA% folder, otherwise it will be impossible to decrypt encrypted data. To find out how to pay the ransom, the victim needs to contact criminals, and this can be done by writing to youneedmail@protonmail.com, or via Bitmessage. We highly recommend you to refuse to pay the ransom – you cannot count on criminals and whatever they promise to you might be a lie. Our team recommends you to remove Ishtar ransomware as soon as possible. In our opinion, the best anti-malware tool is Reimage, and it can help you with Ishtar removal.

How ransomware viruses attack computers?

Ransomware viruses often reach victims and wreak havoc on their computers only because victims open malicious email attachments. Be very careful when exploring email letters, and stay away from ones that come from unknown senders. You can never know what their real intentions are, so why would you open such malicious emails? Remember that scammers create legitimate-looking messages urging victims to view contents of attached files, so please do not fall for such scams. Frauds often pretend to be sending invoices, bills, reports, medical test results and similar documents. Do not open them!
Malware can also silently be installed after entering a deceptive website that contains an exploit kit. In such case, exploit kit scans the system for vulnerabilities in software (it targets outdated software, most frequently – Java), and use its vulnerabilities to enter victim’s PC. You can protect your computer by keeping all software up-to-date.

How to remove Ishtar ransomware virus?

If you are ready to remove Ishtar virus, make sure you have a proper malware removal tool. If you do not, consider installing one. Ransomware viruses are complex programs and only advanced IT experts can remove them manually, but even experts admit that it is hard to remove ransomware. Use Ishtar removal instructions provided below and deleted this virus from your computer for good. You can try suggested data recovery methods, too.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Ishtar ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Ishtar ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual Ishtar virus Removal Guide:

Remove Ishtar using Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Ishtar

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Ishtar removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Ishtar using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Ishtar. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Ishtar removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Ishtar from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

At the moment, there are no news about a free Ishtar decryption tool. It appears that malware researchers haven’t released it yet. In the meantime, we suggest you backup encrypted data and try these data recovery methods:

If your files are encrypted by Ishtar, you can use several methods to restore them:

Run Data Recovery Pro

Use Data Recovery Pro and try to decrypt encrypted files with it:

Use ShadowExplorer

Ishtar virus’ authors might have forgotten to add a function that deletes Volume Shadow Copies. Therefore, you should try this data recovery method:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Ishtar and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions


  • olga89

    this attacked me, but I had backup, I recommend to create it, it becomes so useful when ransomware attacks you!

  • Twist209

    I didnt receive the key after paying the ransom!!!!

  • Vinnie

    Thank you – removed the virus, although files are still stuck with these ishtar- prefixes