CryptoHitman Ransomware - How To Remove?


CryptoHitman ransomware is an updated version of Jigsaw ransomware and applies the same encryption algorithms. It was renamed CryptoHitman because it uses the image of the character from the Hitman video games and movies on your lock screen. In addition, CryptoHitman ransomware replaces the lock screen with pornographic images. This could be very dangerous in a workplace environment: it may cost you a lot of nerves and put you in an embarrassing situation.

Things You Need to Know about CryptoHitman ransomware

Like Jigsaw ransomware, CryptoHitman ransomware encrypts your files with the AES encryption algorithm and appends the .porno extension to the names of those files. The CryptoHitman virus then displays a window with the ransom note. The message informs you about the encryption and gives further instructions: you have to contact the cyber criminals by e-mail and make a ransom payment of 150 USD to get the decryption key. The payment must be transferred in Bitcoins to the BTC address you are provided with. If you fail to comply with their requirements, data will be deleted every hour. This continues until you pay the ransom or none of your files are left.

How does CryptoHitman ransomware Infiltrate Your Computer?

CryptoHitman file encryptor may infect your computer through spam e-mails and their attachments. You should therefore refrain from browsing the spam folder, since it is an automatic function of your e-mail that safeguards you from malicious content. If an official-looking letter falls into the spam box, it is most probably a Trojan horse that you should keep away from.

The other technique CryptoHitman ransomware uses is exploit kits. Exploit kits are software kits that run on web servers and are designed to detect software vulnerabilities in your computer. Once they detect such vulnerabilities, they execute malicious code on your computer's system.

How to Decrypt Files encrypted by CryptoHitman ransomware

Luckily, CryptoHitman is a decryptable ransomware. Open Windows Task Manager and terminate the suerdf.exe and mogfh.exe processes. Then run MSConfig and disable the startup entry related to these executables. After you have terminated the processes and disabled the startup of CryptoHitman ransomware, go to and download the Jigsaw Decryptor (remember, Jigsaw is the previous version of CryptoHitman). Double-click JigSawDecrypter.exe. In the window that opens, select the directory of encrypted files and click the Decrypt My Files button. When the decryption is over, the screen will announce that the files are decrypted.
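The Task Manager and MSConfig checks above can also be run from PowerShell. The script below is an added example, not part of the original article or of any vendor tool; the -ScanRoot and -Stop parameters are assumptions of this example, while the process names and the .porno extension are the ones given in the article.

```powershell
# Added triage example. Read-only unless -Stop is passed.
param(
    [string]$ScanRoot = $env:USERPROFILE,  # assumption: folder tree to check for encrypted files
    [switch]$Stop                          # assumption: opt-in switch to terminate the processes
)

# Process image names from the article (Get-Process expects them without .exe)
$procNames = 'suerdf', 'mogfh'

# 1. Running processes with those names (the Task Manager step)
$running = @(Get-Process -Name $procNames -ErrorAction SilentlyContinue)
$running | Select-Object Id, ProcessName, Path | Format-Table -AutoSize | Out-Host

# 2. Startup entries whose command references either executable (the MSConfig step).
#    Win32_StartupCommand lists Run-key and Startup-folder entries for all users.
$pattern = ($procNames | ForEach-Object { [regex]::Escape("$_.exe") }) -join '|'
$startup = @(Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern })
$startup | Select-Object Name, Command, Location, User | Format-List | Out-Host

# 3. Inventory of files carrying the .porno extension, grouped by folder,
#    to decide which directory to point the decryptor at.
$encrypted = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.porno' `
    -ErrorAction SilentlyContinue)
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize | Out-Host

# Terminate the processes only when explicitly requested
if ($Stop -and $running.Count -gt 0) {
    $running | Stop-Process -Force
}

# Summary object for logging or further scripting
[pscustomobject]@{
    RunningProcesses = $running.Count
    StartupEntries   = $startup.Count
    EncryptedFiles   = $encrypted.Count
}
```

The startup entries it reports still have to be disabled through MSConfig as described above; the script only locates them.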

Now you see that paying the ransom is a waste of your precious time and money. Perform the decryption procedure as described above. For extra security and to make sure CryptoHitman ransomware is removed, employ professional anti-malware removal tools such as Reimage, SpyHunter and Malwarebytes.


Automatic CryptoHitman Ransomware removal tools

Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version. We might be affiliated with some of these programs. Full information is available in disclosure

Manual removal


Important Note: Although it is possible to manually remove CryptoHitman Ransomware, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on

External decryptor:

About the author

 - Main Editor
I have started in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.
May 16, 2016 04:02, January 4, 2017 07:48
