Jigsaw Ransomware has rebranded itself as CryptoHitman and now uses the character from the well-known Hitman video games and movies. Apart from adding the Hitman character to its locker screen, CryptoHitman covers the lock screen with multiple pornographic images that are not safe for users to view.
CryptoHitman operates just like Jigsaw ransomware: it encrypts users’ data with AES encryption and demands a ransom payment for decrypting the files. To pay the ransom, victims are required to send payment to cryptohitman@yandex.com.
The problem with this version of CryptoHitman is that it will still delete users’ files every time they restart the process and when the timer runs down to zero.
The only differences here are the new pornographic locker screen, the use of the Hitman character, the new .porno extension added to all encrypted files, and the new filenames for the ransomware executables. Otherwise, CryptoHitman operates just like the original Jigsaw Ransomware.
Fortunately, DemonSlay335 managed to modify his existing Jigsaw Ransomware decryptor to also decrypt files encrypted by CryptoHitman.
In order to decrypt your files, you should first terminate the %LocalAppData%\Suerdf\suerdf.exe and %AppData%\Mogfh\mogfh.exe processes in Task Manager to prevent any further files from being deleted. After that, you have to run MSConfig and disable the startup entry related to these executables.
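The same containment step can be done from a PowerShell prompt. The script below is an added example, not part of the original article or of the decryptor: it stops only processes whose full image path matches the two executables named above, lists the startup entries that reference them so they can be disabled, and records a hash of each file for later reference. Using Win32_StartupCommand to enumerate startup entries is an assumption of this example; the article itself only refers to MSConfig.

```powershell
# Added example. The two paths are the ones named in the article.
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'Suerdf\suerdf.exe'),
    (Join-Path $env:APPDATA      'Mogfh\mogfh.exe')
)

# 1. Stop running instances. Matching on the full image path (not just the
#    process name) avoids terminating an unrelated program with the same name.
#    ExecutablePath can be empty for processes the current user cannot inspect.
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and ($targets -contains $_.ExecutablePath) } |
    ForEach-Object {
        Write-Host "Stopping PID $($_.ProcessId): $($_.ExecutablePath)"
        Stop-Process -Id $_.ProcessId -Force
    }

# 2. List startup entries whose command line references either executable.
#    These are the entries to disable; nothing is modified here.
Get-CimInstance Win32_StartupCommand |
    Where-Object {
        $cmd = [string]$_.Command
        $hit = $false
        foreach ($t in $targets) {
            if ($cmd.IndexOf($t, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $hit = $true
            }
        }
        $hit
    } |
    Select-Object Name, Command, Location, User |
    Format-List

# 3. Record which of the files are still on disk, with a SHA-256 hash,
#    so the samples can be identified later by an antivirus vendor or responder.
foreach ($t in $targets) {
    if (Test-Path -LiteralPath $t) {
        Get-FileHash -LiteralPath $t -Algorithm SHA256 | Format-List Path, Hash
    } else {
        Write-Host "Not present: $t"
    }
}
```

Run it as the affected user, since both paths resolve relative to that user's profile.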
Once you have terminated the ransomware and disabled its startup, you can proceed with decrypting the infected files. The first step is to download and extract the Jigsaw Decryptor.
After that, simply double-click on the JigSawDecrypter.exe file to launch the program.
To decrypt your files, select the directory and click on the “Decrypt My Files” button. If you wish to decrypt the whole drive, you can select the C: drive itself.
It is recommended not to put a checkmark in the “Delete Encrypted Files” option until you have confirmed that the tool can properly decrypt your files.
When all your files are decrypted, you should run an antivirus or anti-malware program to scan your PC for infections and make sure that your machine is clean and protected.