Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • Slow Computer

CryptoHitman Ransomware

CryptoHitman Ransomware is a Trojan ransomware infection that you do not want to find on your computer, since it could mean the loss of all your important files. If this infection finds a way onto your computer, it encrypts all your photos, videos, documents, and more within a very short time. This ransomware is very pushy in trying to extort the ransom fee from you. If you do not pay the fee, you may lose all your files forever. Or, at least, that is what these criminals try to make you believe. Of course, normally, if you do not get the decryption key, you cannot recover your files. But we have discovered that this infection is the new version of Jigsaw Ransomware, which could be good news for you in a way, because it is possible to find a working decryption tool and instructions on the web. Another way to make sure you do not lose your files is to regularly make backup copies on an external disk. Although it is your business whether you pay these criminals or not, we advise you to remove CryptoHitman Ransomware immediately.

When it comes to Trojan ransomware programs, the most important thing to know is most probably how these vicious infections infiltrate your system, so that you have a chance to avoid such a devastating attack. Our research shows that CryptoHitman Ransomware mainly spreads via spam e-mail campaigns. This means that you may get an e-mail from a fake sender disguised as a reputable or well-known company, and this mail has a malicious attachment. Usually these spam mails have a misleading subject that may refer to an invoice number or a returned mail; anything that could catch your attention. However, when you click on the attached file, an executable can drop onto your hard disk. If you run this file (and usually you have to run it yourself), you activate the infection. These Trojans often pose as useful programs, since otherwise you may not feel the push to execute them.

We recommend that you be more careful around your inbox and do not open unfamiliar random mails. What is even more important is that you do not click on attachments that you do not expect to receive. It is worth taking the time to double-check with the sender. Otherwise, you may end up in a mess like this, and you may lose all your files for good. If you cannot or do not want to pay the ransom fee, you should delete CryptoHitman Ransomware from your computer ASAP.

This Trojan ransomware seems to operate through two processes called “Suerdf suerdf.exe” and “mogfh.exe.” Like most ransomware programs, this infection targets all your videos, pictures, documents, archives, and program files. CryptoHitman Ransomware uses the AES (Advanced Encryption Standard) algorithm to encrypt your files. This algorithm is actually built into your Windows operating system; therefore, it may only take a few seconds for your files to get encrypted, depending on your PC’s performance and the number of files, of course. This infection appends a “.porno” extension to your files, so your files will look like “image.jpg.porno.” When the damage is done, your desktop background image will change and the ransom note will replace it.

This note is rather annoying and contains an image of the Hitman PC game character as well as pornographic images. The note also gives information about the encryption and threatens that a file will be deleted every hour unless you pay the ransom of $150 in Bitcoins (0.4 BTC). You are also given the Bitcoin address to transfer the money to and an e-mail address (cryptohitman@yandex.com) in case you have any questions. A timer counts down from 1 hour. There are two buttons on this screen. One, “View encrypted files,” displays a list of the files that have been encrypted, and this list also indicates which ones are deleted hourly. The other button is for decrypting your files once you have made the payment. If you do not pay within 36 hours, the fee will double ($300).

Although this all looks rather scary, we still recommend that you remove CryptoHitman Ransomware from your system right after you notice its operation. In order to do this, you need to either kill the running processes through Task Manager or restart your computer in Safe Mode. When trying to kill the processes, this message may be displayed: "You are about to make a very bad decision. Are you sure about it?" We believe that this is the right decision and we are quite sure about it. Normally, only a backup copy could save the day for you. But, in this case, luckily for you, there is a chance that you can find a working decryption tool for Jigsaw Ransomware on the web that seems to work for this new version, too. We do not suggest that you use a decryption tool yourself unless you are an advanced computer user though. Try to consult with a professional or a friend who has this level of IT knowledge. If you want to eliminate this threat and all other potential malware infections automatically, we recommend that you use a reputable malware removal tool. Please follow our instructions below to eliminate this dangerous threat manually without restarting your PC. Should you have any questions regarding the removal of CryptoHitman Ransomware, please leave us a comment below.

Remove CryptoHitman Ransomware from Windows

  1. Press Ctrl+Shift+Esc to start the Task Manager.
  2. End the processes called Suerdf suerdf.exe and mogfh.exe, and close the Task Manager.
  3. Press Win+Q and type in regedit. Press Enter.
  4. Locate and delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe
  5. Exit the editor.
  6. Press Win+E.
  7. Locate and delete the following files:
    %LOCALAPPDATA%\Suerdf suerdf.exe
    %UserProfile%\Local Settings\Application Data\Suerdf suerdf.exe
    %APPDATA%\Mogfh mogfh.exe
    %APPDATA%\System32Work\Address.txt
    %APPDATA%\System32Work\dr
    %APPDATA%\System32Work\EncryptedFileList.txt
  8. Empty your Recycle Bin.
  9. Restart your computer.
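
Before deleting anything, it helps to confirm which of the artifacts named in the steps above are actually present on the machine. The following read-only PowerShell check is an added example, not part of the original guide; it uses only the process names, Run value, file paths and ".porno" extension given above, and limiting the search for encrypted files to the user profile is an assumption.

```powershell
# Read-only check for the CryptoHitman artifacts named in the removal steps.
# Nothing is stopped or deleted; the script only reports what it finds.
$findings = @()

# Steps 1-2: running processes. Matching on the image names suerdf.exe and
# mogfh.exe is an assumption about how "Suerdf suerdf.exe" shows in Task Manager.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -match '^(suerdf|mogfh)\.exe$' }
foreach ($p in $procs) {
    $findings += [pscustomobject]@{
        Kind = 'Process'; Item = "$($p.Name) (PID $($p.ProcessId))"; Detail = $p.ExecutablePath
    }
}

# Step 4: autostart value under the current user's Run key.
$key = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($key) {
    $runData = $key.GetValue('mogfh.exe')   # $null when the value does not exist
    if ($null -ne $runData) {
        $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = 'mogfh.exe'; Detail = $runData }
    }
}

# Step 7: files, with the paths as the guide lists them.
$paths = @(
    "$env:LOCALAPPDATA\Suerdf suerdf.exe",
    "$env:USERPROFILE\Local Settings\Application Data\Suerdf suerdf.exe",
    "$env:APPDATA\Mogfh mogfh.exe",
    "$env:APPDATA\System32Work\Address.txt",
    "$env:APPDATA\System32Work\dr",
    "$env:APPDATA\System32Work\EncryptedFileList.txt"
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{ Kind = 'File'; Item = $path; Detail = $item.LastWriteTime }
    }
}

# Encrypted files carry the ".porno" extension. Searching only the user
# profile is an assumption; other drives would need their own pass.
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
    -Filter '*.porno' -ErrorAction SilentlyContinue)
$findings += [pscustomobject]@{
    Kind = 'EncryptedFiles'; Item = "$env:USERPROFILE (recursive)"; Detail = "$($encrypted.Count) file(s)"
}

$findings | Format-Table -AutoSize -Wrap
```

Running it again after step 9 should list no Process, RunValue or File rows; the EncryptedFiles count stays until the files are decrypted or restored from backup.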