HitmanPro.Alert is a bullet-proof vest that automatically protects your documents, photos, identity and applications against malware and zero-day attacks from cyber-criminals and (nation-state) hackers.
It is an innovative solution that actually prevents breaches and infections without requiring prior knowledge of attacks or malware. It offers protection by blocking the core techniques that hide malware in the presence of antivirus software or that exploit known and future software vulnerabilities. It also detects intruders like banking malware, Remote Access Tools and crypto-ransomware, simply by observing the behaviors that these threats exhibit.
The exclusive Risk Reduction features of HitmanPro.Alert include
behavior-based protection against high-impact
crypto-ransomware, a prolific threat that slips by web filters and
antivirus defenses every day. This type of infection—also
generalized as cryptolocker—goes after images, documents, and
other personal and critical data on local disks and networked
drives. Cryptolocker malware encrypts the computer files of its
victims victims and demands ransom money for the decryption key.
The signature-less operation of HitmanPro.Alert’s CryptoGuard technology universally prevents spontaneous encryption of data by cryptolockers. Even when trusted files or processes are hijacked for unsolicited encryption—as observed in cryptolockers "VaultCrypt", "CryptoWall" and "CTB-Locker"—it is stopped and reverted by HitmanPro.Alert, without interaction from users or IT support personnel.
CTB-Locker Ransom Note
CryptoWall 3.0 Ransom Note
Since malware authors are very creative with code packers and polymorphic engines we see that new, early-life or zero-hour versions of ransomware cannot be timely
detected using just antivirus signatures. We've also seen ransomware use code injection and hollow process techniques to hide inside legitimate processes.
Think of Explorer.exe or Winword.exe encrypting your documents and files for ransom money.
Update: Crypto-ransomware has adopted these techniques to bypass static group policies-based preventions. The following prevalent crypto-ransomware abuses legitimate trusted processes to maliciously encrypt your documents, pictures and other data:
We''ve designed our CryptoGuard technology to stop prevalent and future crypto-ransomware. It does not try to detect this malware based on its static properties, but it detects crypto-ransomware based on its file system behavior. If suspicious behavior is detected, it is then blocked (the encryption of the files) and the malware is neutralized, without the need for any user intervention. The benefit of this solution is that it is much harder for a malware-author to radically change its behaviour (taking the files hostage) than it is to change its static properties, i.e. where it is located and how the physical code is structured. CryptoGuard offers a more universal and future proof solution.
CryptoGuard works silently in the background at the file system level, keeping track of remote computers and local processes that are modifying your documents and other files.
After installing HitmanPro.Alert, CryptoGuard is automatically enabled to protect your data.
If you want to change any settings regarding CryptoGuard, follow these steps:
When CryptoGuard intercepts an attack on your personal files, it displays an Attack Intercepted message as shown below:
When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.
The Technical details can show you how the attack took place. The Process Trace in the example screenshot shown above reveals that a file called fax-message674-109-802.scr was responsible for attacking your data through the legitimate Windows file C:\Windows\SysWOW64\svchost.exe. HitmanPro.Alert also records this event, including the technical details, in the Windows Event Log.
The following video illustrates a CryptoWall and CTB-Locker ransomware attack on a workstation and how CryptoGuard will protect your files.
CryptoGuard works at the file system level and does not conflict with full disk encryption software like Microsoft BitLocker, Sophos SafeGuard or TrueCrypt.
HitmanPro.Alert with CryptoGuard supports 32-bit and 64-bit versions of Windows 10, Windows 8, Windows 7, Windows Vista and Windows XP (SP3).