CryptoGuard: Prevents your files from being taken hostage!
HitmanPro's CryptoGuard is a universal solution against crypto ransomware. This type of ransomware encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files.
When your PC has been infected with crypto ransomware, all your documents, videos, images and other personal files are encrypted. This encryption prevents you from opening them, whether they are on your PC, a connected drive or the business network. You see a message stating that you need to pay a certain amount of money (the ransom fee) to gain access to your personal files again. Payment typically has to be made in Bitcoin or with prepaid cards from MoneyPak or Ukash.
So how do you prevent your files from being taken hostage?
Since malware authors are very creative with code packers and polymorphic engines, new or zero-day versions of ransomware cannot be detected in time using antivirus signatures alone. We've also seen ransomware use code injection and process hollowing techniques to hide inside legitimate processes. Think of explorer.exe or winword.exe encrypting your documents and files. It is a matter of time before crypto-ransomware like CryptoLocker adopts these methods to bypass static, group-policy-based prevention.
HitmanPro.Alert's CryptoGuard technology does not try to detect the malware based on its static properties; it detects crypto-ransomware based on its file system behavior. When suspicious behavior is detected, the encryption of the files is blocked and the malware is neutralized, without the need for any user intervention. The benefit of this approach is that it is much harder for a malware author to radically change the malware's behavior (taking the files hostage) than it is to change its static properties, i.e. where it is located and how the physical code is structured. CryptoGuard offers a more universal and future-proof solution for both workstations and servers.
CryptoGuard works silently in the background at the file system level, keeping track of remote computers and local processes that are modifying your documents and other files.
CryptoGuard is part of HitmanPro.Alert 2.5 (or newer) and supports Windows 8.1, 8, XP, Vista and 7 (32-bit and 64-bit) and Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 (64-bit).
On workstations, when CryptoGuard intercepts an attack on your personal files, it displays an Alert message as shown below:
When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.
To remove the malicious code from your computer, click the Scan with HitmanPro button, which automatically downloads the HitmanPro anti-malware application (if it is not already installed on your computer).
HitmanPro scans your computer for malicious programs and allows you to remove them.
On servers, when CryptoGuard intercepts an attack on the shared files, it writes a warning (level: Error) in the Windows Event Log to alert the system administrator:
The following video illustrates a CryptoLocker ransomware attack on a workstation and how CryptoGuard can protect your files.
CryptoGuard works at the file system level and does not conflict with full disk encryption software like BitLocker, Sophos SafeGuard or TrueCrypt.