Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CryptoHitman Ransomware Support and Help Topic (.Porno Extension Jigsaw variant)


  • Please log in to reply
1 reply to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:54 AM

Posted 11 May 2016 - 09:16 PM

A new Jigsaw Ransomware variant has been released called CryptoHitman. This ransomware uses the popular Hitman video game and movie character on its lock screen and displays pornographic pictures as the background. In order to make payment you are told to email cryptohitman@yandex.com.

More info can be found here as well as instructions on how to decrypt your files for free:
 
Jigsaw Ransomware becomes CryptoHitman with Porno Extension

Files associated with CryptoHitman:
 
%LocalAppData%\Suerdf\
%LocalAppData%\Suerdf\suerdf.exe
%AppData%\Mogfh\
%AppData%\Mogfh\mogfh.exe
%AppData%\System32Work\
%AppData%\System32Work\Address.txt
%AppData%\System32Work\dr
%AppData%\System32Work\EncryptedFileList.txt
Registry entries associated with the CryptoHitman:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe	%AppData%\Mogfh\mogfh.exe


BC AdBot (Login to Remove)

 


m

#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,244 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:54 AM

Posted 17 May 2016 - 01:48 PM

New variant with extension .pornoransom spotted. Decrypter has been updated to take care of it.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users