CryptoHitman Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 638
Category: Trojans

CryptoHitman Ransomware seems to be a new variant of the well-known Trojan ransomware malware infection called Jigsaw Ransomware. This is a very serious threat that can hit your computer; however, our research shows that it may not be the worst one after all. As it happens, you may be able to find working decryption tools on the net. Without such a tool you may lose all your personal files once this beast encrypts your documents, databases, photos, and videos. The usual savior in such situations comes in the form of an external Flash drive that contains a backup of the files. Obviously, this ransomware is all about making you pay for a decryption key. The criminals who are responsible for this infection try to threaten you to push you into a corner. Before you decide to pay the fee, you should consider that these are crooks and you may not even get the key to decrypt your files. No matter how you decide, we definitely advise you to remove CryptoHitman Ransomware right away.

Reports and our research show that this ransomware is mainly distributed as an attached file in spam e-mails. You need to know that sometimes even opening a spam mail can cause a disaster if it runs a malicious script and drops a Trojan ransomware like this onto your computer. Most of the time, though, you need to actually open the spam mail and download the attached file or click on a link in the body of the mail to let this infection on board. It is quite likely that you will also try to launch the downloaded file since it is usually one that you believe is important for you. And this is the mistake most unsuspecting computer users make; because this is the moment you activate the threat. We suggest that you make sure the mails you open are really meant for you to receive. Otherwise try not to open suspicious or unfamiliar mails. Criminals often disguise these mails to pretend they come from a state institution or a trustworthy company, not to mention the subject lines they use to mislead you. All in all, you need to be very careful where you click when going through your inbox because you can easily infect your system with CryptoHitman Ransomware. If you do not have a safe copy of your files, even if you delete CryptoHitman Ransomware from your operating system, you will not be able to recover them easily. But, this time, at least, you may have a chance.

Once this malicious threat is initiated it encrypts the following file extensions with AES algorithm: .3dm, .3g2, .3gp, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, and .java. As you can see, all your images, videos, documents, and databases are taken hostage by CryptoHitman Ransomware. This infection displays a very confusing and annoying ransom note that includes a picture of the Hitman from the famous game and pornographic images as well. You can see an information panel as well that contains the note itself. This informs you about the encryption and that after every hour one of your files gets deleted until you finally transfer the money. However, after 36 hours the original 150 USD worth of Bitcoins (about 0.4 BTC this time) will double. The criminals also try to talk you out of killing the processes the infection uses (Suerdf suerdf.exe and mogfh.exe) or restarting your computer as in both cases you will pay the price.

There is also a big timer to remind you of the passing time, and it starts the countdown from one hour. You can check the list of the encrypted files by pressing the designated button. This list shows which ones get deleted as well. Once you transfer the money, there is another button to press so that your files get decrypted. However, this button checks if you have really transferred the money or not, so you cannot fool these criminals. The note and all the text in this window are both in English and Spanish. We cannot tell you not to pay the fee since it is all up to you. But we definitely do not recommend it. What's more, we advise you to remove CryptoHitman Ransomware as soon as possible. This is the only way for you to make your computer secure again.

We have included manual instructions for you if you want to take matters into your own hands. It is not that difficult actually to delete CryptoHitman Ransomware from your system if you follow our guide step by step. Of course, it would be much easier to use an automated malware removal tool, such as SpyHunter, which could also eliminate all other possible threats and provide full protection for your computer at all times, if you keep it updated and active. Also, it is very important that you avoid suspicious file-sharing websites, clicking on third-party ads, and e-mail attachments that may not be reliable. It is important to know that you can lower the vulnerability of your system if you keep all your programs and drivers up-to-date.

Remove CryptoHitman Ransomware from Windows

  1. Tap Ctrl+Shift+Esc to open the Task Manager.
  2. Locate the malicious processes related to this threat called Suerdf suerdf.exe and mogfh.exe.
  3. Select these processes and press End task.
  4. Exit the Task Manager.
  5. Tap Win+R and enter regedit. Click OK.
  6. Find HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe registry value name and delete it.
  7. Close the Registry Editor.
  8. Tap Win+E to open the File Explorer.
  9. Find these files and delete them:
    %APPDATA%\System32Work\Address.txt, dr, and EncryptedFileList.txt
    %LOCALAPPDATA%\Suerdf suerdf.exe
    %UserProfile%\Local Settings\Application Data\Suerdf suerdf.exe
    %APPDATA%\Mogfh mogfh.exe
  10. Empty the Recycle Bin.
  11. Reboot your system.
Download Remover for CryptoHitman Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

CryptoHitman Ransomware Screenshots:

CryptoHitman Ransomware
CryptoHitman Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *