What to do with the Ishtar virus?

S

smithana2016-12-04 20:20:05

Malware

smithana, 2016-12-04 20:20:05

Good afternoon,
it so happened that the gullible bosses opened the archive from some letter.
As a result, all files on the computer of the person who opened the letter (windows 7) and on the server (server 2012) became encrypted and are named with the prefix ishtar_*.
At the root is a ReadMe file with instructions for paying with bitcoins.
The search engines just said that this is a very fresh virus. And what about kaspersky, doctor web, etc. in this case they can't help.
Accordingly, the question is:
1. Are there any options for dealing with this muck?
2. The files on the server are quite important, the authorities are thinking of paying money to extortionists. Do you have payment statistics? Do they decrypt or throw more money?
Thanks

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Alexey, 2016-12-04
@RusTech

If the server is with important files, then there should be backups. Paying 50/50.

S

smithana, 2016-12-05
@smithana

Fighting them is very easy.

it is not a struggle with the consequences, but their prevention. The situation was taken into account and we will tighten the screws.
At the moment, we contacted the data decryption company. They promise to decrypt everything remotely.

A

Amigo-A, 2017-01-11
@Amigo-A

smithana
At the moment, there is no tool for free decryption of files encrypted with the Ishtar encryptor. All public information is initially collected in one place. Link . If the possibility of free decryption appears, then a link to the decryptor will appear on the same page. If you have encrypted files, they must be saved in the form in which they are now - without renaming or archiving. Decryption for victims of ransomware is a priori FREE.

S

spellman003, 2017-04-20
@spellman003

Is there any information on how to remove it guaranteed without reinstalling the OS?