CryptoGuard: Protects local and share files from being held hostage!
HitmanPro's CryptoGuard is a universal solution against crypto-ransomware. This type of ransomware encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files.
When your PC has been infected with crypto ransomware, all your documents, videos, images and other personal files are encrypted. This encryption prevents you from opening them, whether they are on your pc, connected drive or business network. You see a message stating you need to pay a certain amount of money (the ransom fee) to gain access to your personal files again. Payment typically has to be done via Bitcoins.
So how do you prevent your files from being held hostage?
Since malware authors are very creative with code packers and polymorphic engines we see that new or zero-day versions of ransomware cannot be timely detected using just antivirus signatures. We've also seen ransomware use code injection and hollow process techniques to hide inside legitimate processes. Think of explorer.exe or winword.exe encrypting your documents and files. It is a matter of time before crypto-ransomware like CryptoLocker will adopt these methods to bypass static group policies-based preventions.
HitmanPro.Alert's CryptoGuard technology does not try to detect the malware based on its static properties, but it detects crypto-ransomware based on its file system behavior. If suspicious behavior is detected, it is then blocked (the encryption of the files) and the malware is neutralized, without the need for any user intervention. The benefit of this solution is, that it is much harder for a malware-author to radically change its behaviour (taking the files hostage) than it is to change its static properties, i.e. where it is located and how the physical code is structured. CryptoGuard offers a more universal and future proof solution for both workstations and servers.
CryptoGuard works silently in the background at the file system level, keeping track of remote computers and local processes that are modifying your documents and other files.
After installing HitmanPro.Alert, CryptoGuard is automatically enabled to protect your data.
If you want to change any settings regarding CryptoGuard, follow these steps:
On workstations, when CryptoGuard intercepts an attack on your personal files, it displays an Alert message as shown below:
When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.
To remove the malicious code from your computer you click on the Scan with HitmanPro button which will automatically download the HitmanPro anti-malware application (if not already installed on your computer).
HitmanPro will scan your computer for malicious programs and allows you to remove them.
On servers, when CryptoGuard intercepts an attack on the shared files, it writes a warning (level: Error) in the Windows Event Log to alert the system administrator:
The following video illustrates a CryptoWall and CTB-Locker ransomware attack on a workstation and how CryptoGuard will protect your files.
CryptoGuard works at the file system level and does not conflict with full disk encryption software like BitLocker, Sophos SafeGuard or TrueCrypt.
Supports 32-bit and 64-bit versions of Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP (SP3) and Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 (64-bit).