HitmanPro.Alert CryptoGuard: Protects local and shared files from being held hostage!
HitmanPro.Alert's CryptoGuard is a universal real-time solution against crypto-ransomware. This type of ransomware, also generalized as Cryptolocker, encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files.
When your PC has been infected with crypto-ransomware, all your documents, videos, images and other files are encrypted. This encryption prevents you from opening them, whether they are on your PC, a connected drive or a business network. You see a message stating you need to pay a certain amount of money (the ransom fee) to restore your files. Payment typically has to be made in Bitcoin. Examples: CTB-Locker and CryptoWall 3.0.
Because malware authors are very creative with code packers and polymorphic engines, new or zero-day versions of ransomware cannot be detected in time using antivirus signatures alone. We've also seen ransomware use code injection and process hollowing techniques to hide inside legitimate processes.
Think of Explorer.exe or Winword.exe encrypting your documents and files for ransom money.
Update: Crypto-ransomware has adopted these techniques to bypass static Group Policy-based prevention. The following prevalent crypto-ransomware abuses legitimate trusted processes to maliciously encrypt your documents, pictures and other data:
We've designed our CryptoGuard technology to stop prevalent and future crypto-ransomware. It does not try to detect this malware based on its static properties; instead, it detects crypto-ransomware based on its file system behavior. If suspicious behavior is detected, the encryption of the files is blocked and the malware is neutralized, without the need for any user intervention. The benefit of this solution is that it is much harder for a malware author to radically change the malware's behavior (taking the files hostage) than it is to change its static properties, i.e. where it is located and how the physical code is structured. CryptoGuard offers a more universal and future-proof solution.
CryptoGuard works silently in the background at the file system level, keeping track of remote computers and local processes that are modifying your documents and other files.
After installing HitmanPro.Alert, CryptoGuard is automatically enabled to protect your data.
If you want to change any settings regarding CryptoGuard, follow these steps:
When CryptoGuard intercepts an attack on your personal files, it displays an Attack Intercepted message as shown below:
When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.
The Technical details can show you how the attack took place. The Process Trace in the example screenshot shown above reveals that a file called fax-message674-109-802.scr was responsible for attacking your data through the legitimate Windows file C:\Windows\SysWOW64\svchost.exe. HitmanPro.Alert also records this event, including the technical details, in the Windows Event Log.
The following video illustrates a CryptoWall and CTB-Locker ransomware attack on a workstation and how CryptoGuard will protect your files.
CryptoGuard works at the file system level and does not conflict with full disk encryption software like Microsoft BitLocker, Sophos SafeGuard or TrueCrypt.
HitmanPro.Alert with CryptoGuard supports 32-bit and 64-bit versions of Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP (SP3).