Skip to main content

Hitman Ransomware Plasters PCs with Porn

A month ago, the Jigsaw ransomware appeared and made life only marginally less miserable for victims than the cinematic serial killer for whom it’s named. Jigsaw would encrypt your files and ask you to cough up money, but worse still, it would delete the files outright if you attempted to restart your computer.

Now, the malware is back, but in an even more obnoxious form. CryptoHitman adds insult to injury, since in addition to encrypting and deleting your precious files, it also plasters your computer with porn (and, by most accounts, not very good porn).

Credit: Square Enix

(Image credit: Square Enix)

BleepingComputer, a site that provides how-to guides for malware removal, reported the strange new software, which channels both the beloved Hitman game series and the extremely smarmy tone of the original Jigsaw attack. If you contract CryptoHitman, a screen will pop up and lock you out of most programs on your PC.

You may smile when you recognize Agent 47, the protagonist of the popular Hitman stealth games, but it will likely turn to a grimace when you see the graphic pornography that accompanies him. (You may not want to look at your desktop background, which is similarly explicit.)

MORE: Best Antivirus Software and Apps

Similar to what it did before, the ransomware screen explains that you have three days to send $150 in Bitcoin to a throwaway email address, or else the malware will encrypt your files with an unreadable and nonsensical .PORNO extension. Every hour you dither, the program will start deleting your files; if you try to restart your computer, it will delete files even more quickly. Worse than both of those, however, is the know-it-all, you-have-no-choice tone adopted by the written instructions.

Luckily, the program can be reduced to all bluster, thanks to Michael Gillespie, a security researcher and member of MalwareHunterTeam. Gillespie found a way to decrypt files under the thrall of the Jigsaw ransomware, and his fix needed only a slight tweak to work against CryptoHitman as well.

You can download Gillespie's decrypter at BleepingComputer's site, then follow two simple instructions (select directory, decrypt files) to get your files back. After that, you'll want to run a decent antivirus scan to excise the ransomware from your computer.

Unfortunately, it's still not clear where the Jigsaw or CryptoHitman ransomware comes from, or how its unfortunate victims have contracted it. Our best advice, as always, is to be judicious about visiting strange websites, and to run some real-time antivirus protection, which can stop the ransomware before it ever makes its way onto your system in the first place.