CryptoHitman Ransomware

What is CryptoHitman Ransomware?

Your personal files are at risk of being encrypted by CryptoHitman Ransomware if you have not taken the right security measures to protect your operating system from malware. This malicious infection is primarily spread using spam email attachments; however, its creators might use other methods to infect computers, which is why you have to take care of your system’s security. If this malicious threat has already slithered in, it might have already encrypted files that have such extensions as .java, .avi, .jpeg, .mp3, .ppt, and .doc. This devious ransomware detects personal files and silently encrypts them using the AES encryption algorithm. This encryption method has been employed by TorLocker Virus, Enigma Ransomware, Locked Ransomware, and plenty of other infamous infections. The good news is that you will not need to deal with all of these threats at the same time. The bad news is that they are extremely aggressive and vicious. Before we show you how to delete CryptoHitman Ransomware from your operating system, we explain how this threat works.

How does CryptoHitman Ransomware work?

According to our ransomware analysts, CryptoHitman Ransomware is an updated version of the malicious Jigsaw Ransomware. Both of these infections were created by the same party; however, the newer version is the more aggressive one. Once executed, this infection will encrypt your files and immediately introduce you to a screen-size image containing pornographic images and the instructions on what to do next. This notification is extremely offensive, and we are sure that every user will want to get rid of it as soon as possible. If you focus on the information provided, you learn that you are expected to pay a fee of 150 USD to get your files decrypted. This is exactly why we categorize this infection as ransomware, and of course, this activity is illegal. The scary thing is that this infection selects a few files and deletes them every hour that passes. Furthermore, the notification suggests that the ransom fee would double to 300 USD if you did not follow the demands right away. If you follow these demands, you will buy Bitcoins (virtual currency) and make the payment using the provided BTC address.

If you attempt to terminate the processes of the malicious CryptoHitman Ransomware, it will show you a warning suggesting that this is a bad move, and this is likely to stop you. It is possible that files will be erased if you proceed to terminate processes, and we have found that this infection can delete files if you restart the computer as well. Needless to say, this infection is truly aggressive, and it is very likely that many computer users will be scared into paying the ransom. Well, the malicious Jigsaw Ransomware had a flaw that permitted file decryption using decryption software, so it is worth looking into this software before you pay any money. Hopefully, you will be able to decrypt your files (the encrypted files have the .porno extension) without helping cyber criminals generate a profit. If you are ready to pay the ransom, think about the possibility that your files will remain encrypted even if you fulfill all of the demands.

How to delete CryptoHitman Ransomware

Whether you pay a ransom, use third-party decryption tools to decrypt files, or sacrifice your personal files, you need to remove CryptoHitman Ransomware from your operating system. If you are not sure you can successfully delete this threat using our manual removal guide, it is wise to install anti-malware software capable of erasing malware automatically. Even if you find the guide below easy to follow, you should invest in trustworthy anti-malware software because of other threats. These threats could be active on your PC right now, or they could attack your operating system in the future. If you do not want to risk your personal files or the security of your virtual identity in the future, it is important to employ reliable security software. Another thing you should start doing is backing up your personal files. You can purchase an external drive or use online backup systems to back up your files and to prevent their loss in case you face ransomware attacks, computer damage, etc. If you have any questions about this, post them below.

Removal Instructions

  1. Tap Win+R keys simultaneously to launch the RUN dialog box.
  2. Enter regedit.exe into the box and click OK to launch the Registry Editor.
  3. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\ and click Run.
  4. Right-click the value called mogfh.exe and click Delete.
  5. Tap Win+E keys simultaneously to launch Explorer.
  6. Type %LOCALAPPDATA% into the address bar and tap Enter.
  7. Right-click the Suerdf folder (containing suerdf.exe) and select Delete.
  8. Type %UserProfile%\Local Settings\Application Data\ (for Windows XP users) and tap Enter.
  9. Right-click the Suerdf folder (containing suerdf.exe) and select Delete.
  10. Type %APPDATA% into the address bar and tap Enter.
  11. Right-click the Mogfh folder (containing mogfh.exe) and choose Delete.
  12. In the same directory open the System32Work folder and delete these files:
    • dr
    • Address.txt
    • EncryptedFileList.txt
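
The manual steps above can also be checked from PowerShell. The script below is an added example, not part of the original guide: it looks for the Run value, folders and files named in the steps, only reports them by default, and deletes them when run with -Remove (a switch defined by this script).

```powershell
# Added example (not from the original guide): report the artifacts named in
# the steps above; delete them only when -Remove is given.
param([switch]$Remove)  # -Remove is this script's own switch

$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Windows XP has no %LOCALAPPDATA%; fall back to the path from step 8.
$localAppData = $env:LOCALAPPDATA
if (-not $localAppData) {
    $localAppData = Join-Path $env:USERPROFILE 'Local Settings\Application Data'
}
$workDir = Join-Path $env:APPDATA 'System32Work'

# Folders (steps 7, 9 and 11) and individual files (step 12) from the guide.
$paths = @(
    (Join-Path $localAppData 'Suerdf'),
    (Join-Path $env:APPDATA 'Mogfh'),
    (Join-Path $workDir 'dr'),
    (Join-Path $workDir 'Address.txt'),
    (Join-Path $workDir 'EncryptedFileList.txt')
)

$found = 0

# Step 4: autostart value named mogfh.exe under the per-user Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$value = if ($run) { $run.PSObject.Properties['mogfh.exe'] }
if ($value) {
    $found++
    Write-Output ("FOUND Run value mogfh.exe -> {0}" -f $value.Value)
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name 'mogfh.exe' }
}

# Steps 7 to 12: report each folder or file that exists.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $found++
        Write-Output "FOUND $p"
        if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force }
    }
}

if ($found -eq 0) { Write-Output 'None of the listed artifacts are present.' }
```

Run it once without -Remove to review what is present, and run it as the affected user, since the registry key and folders are all per-user locations.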