Ishtar Ransomware Help and Support Topic


8 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,271 posts
  • Gender:Male
  • Location:USA

Posted 25 November 2016 - 10:51 AM

This topic is for those who need help with the Ishtar ransomware. More technical details can be found here.

Files associated with the Ishtar Ransomware:

%AppData%\winishtar.exe
%AppData%\ishtar_ransomware.exe
%AppData%\<ransom_name>.exe
%AppData%\<ransom_name>.tmp 
%AppData%\<the random>.exe
%AppData%\<the random>.tmp 
C:\README-ISHTAR.txt
C:\ISHTAR.DATA
%AppData%\ISHTAR.DATA
%AppData%\Roaming\ISHTAR.DATA
%UserProfile%\Desktop\Ishtar_ransomware.docx



#2 dieman26

dieman26

  • Members
  • 1 posts
  • Gender:Male
  • Location:Russia, Miass

Posted 03 December 2016 - 01:57 AM

Ishtar Ransomware: link to the encrypted and original files, and the ISHTAR.DATA file for decryption: https://www.sendspace.com/filegroup/qm1wkOnkHf5LWibvMQjVaynsZidxT00u



#3 thyrex

thyrex

  • Members
  • 472 posts
  • Gender:Male
  • Location:Belarus

Posted 03 December 2016 - 05:38 AM

There is no way to decrypt this ransomware.


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#4 bluntschi

bluntschi

  • Members
  • 1 posts

Posted 02 February 2017 - 03:46 AM

I contracted the virus; the e-mail address is a different one:
 
# TO DECRYPT YOUR FILES PLEASE WRITE TO youneedmail@bitmai.la
# OR TO 
# BM-NB29yqgNJsWrWJT5fQR1JC5uoz2EoAGV USING BITMESSAGE DESKTOP OR https://bitmsg.me/
 
Is it possible to decrypt it?
They do not answer e-mail.
 


#5 dencorp

dencorp

  • Members
  • 1 posts

Posted 27 February 2017 - 01:51 AM

I contracted the virus; the e-mail address is a different one:
 
# ----------------------------------------------------------------------------------------------------------------------------
# TO DECRYPT YOUR FILES PLEASE WRITE TO youneedhelp@mail2tor.com
# OR TO 
# BM-NB29yqgNJsWrWJT5fQR1JC5uoz2EoAGV USING BITMESSAGE DESKTOP OR https://bitmsg.me/
# ----------------------------------------------------------------------------------------------------------------------------
#
# BASIC TECHNICAL DETAILS:
# > Standart encryption routine: AES 256 + RSA 2048.
# > Every AES key is unique per file.
# > Decryption is impossible without ISHTAR.DATA file (see %APPDATA% path).
 
Is it possible to decrypt it?
They do not answer e-mail.

https://yadi.sk/d/E0_FvuRl3Egcrx



#6 Amigo-A

Amigo-A

  • Members
  • 221 posts
  • Gender:Male
  • Location:3st station from Sun

Posted 20 March 2017 - 06:44 AM

bluntschi
dencorp

As I was told, if there is no answer in the topic, then the files submitted for decryption and help are not enough.

We must try to find the right files.


Edited by Amigo-A, 20 March 2017 - 06:44 AM.

Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,937 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 March 2017 - 06:46 AM

In cases where there is no free decryption fix tool and victims are not willing to pay the ransom, the only other alternative is to back up/save your encrypted data as is and wait for a possible breakthrough... meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.

Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
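
The following is an added example, not code from any post in this thread: it searches a mounted drive or image for the fixed file names listed in post #1, hashes every match, and copies the non-executable ones (including ISHTAR.DATA, which the ransom note quoted in post #5 says decryption depends on) into a preservation folder with a SHA-256 manifest. The function names, the manifest file name `MANIFEST.sha256` and the script name in the usage comment are assumptions of this example.

```python
import hashlib
import shutil
import sys
from pathlib import Path

# Fixed file names from the list in post #1, lower-cased. The <ransom_name> and
# <the random> entries have no fixed name, so they cannot be matched this way.
ISHTAR_NAMES = {"winishtar.exe", "ishtar_ransomware.exe", "readme-ishtar.txt",
                "ishtar.data", "ishtar_ransomware.docx"}

def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_artifacts(root: Path) -> list[Path]:
    """Files under root whose name matches the list, case-insensitively."""
    return sorted(p for p in root.rglob("*")
                  if p.name.lower() in ISHTAR_NAMES and p.is_file())

def preserve(root: Path, dest: Path) -> list[tuple[str, str]]:
    """Hash every match; copy the non-executable ones into dest with a manifest."""
    dest.mkdir(parents=True, exist_ok=True)
    dest_resolved = dest.resolve()
    manifest = []
    for src in find_artifacts(root):
        if dest_resolved in src.resolve().parents:
            continue  # a copy left by an earlier run
        rel = src.relative_to(root)
        if src.suffix.lower() != ".exe":  # executables are hashed, never copied
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
        manifest.append((sha256_of(src), rel.as_posix()))
    (dest / "MANIFEST.sha256").write_text(
        "".join(f"{digest}  {rel}\n" for digest, rel in manifest),
        encoding="utf-8")
    return manifest

if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: python preserve_ishtar.py <mounted image or drive> <folder>
    for digest, rel in preserve(Path(sys.argv[1]), Path(sys.argv[2])):
        print(digest, rel)
```

Running it against a read-only mount of the drive image keeps the original timestamps and contents untouched.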

#8 Nirvaner

Nirvaner

  • Members
  • 1 posts

Posted 21 August 2017 - 07:59 AM

How do I decrypt all my files?

I uploaded the files with the decryptor in a zip at this link: https://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=reply_post&f=239&t=633083



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,937 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 August 2017 - 08:03 AM

There is no way to decrypt this ransomware.

