CryptoMonitor is a new Anti-Ransomware solution that was developed to protect your computer or server against the wave of encrypting Ransomware that has been in the wild the last few years. These infections, like CryptoWall, CryptoLocker, CTB Locker, CryptorBit, KeyHolder, TELSA, Operation Global, TorrentLocker, CryptoDefense, ZeroLocker (and many, many more), will use numerous exploits or other methods to get onto the victim's machine and, once launched, encrypt/lock all personal files. When completed, the Ransomware will then hold true to its name and demand a ransom in order to get your files back, or forever face life without them.
All too often victims do not have backups of their files, cannot or will not pay the criminals, or their Anti-Virus software simply wasn't enough to prevent these attacks. With all of this in mind, CryptoMonitor was created to prevent your data being encrypted even when the ransomware bypasses your installed anti-virus solution.
CryptoMonitor does not rely on definitions to protect you from encrypting ransomware, but instead relies on behavioral detection that allows it to detect encrypting ransomware before it has a chance to encrypt your data. With this type of approach, even brand new crypto-ransomware infections will be stopped in their tracks without you having to worry about updates to the software. In fact, 90% of the time CryptoMonitor will sit in your system tray silently protecting you until the day you need it, and if that day comes your data will be safe.
Supported Operating Systems:
Windows XP - Windows 10
CryptoMonitor currently has 2 types of protection included in it (there will be add-on protection methods in the future). These protection methods are called Entrapment Protection and Count Protection. Entrapment is the main protection method that is recommended to always be on, and is the quickest and most accurate way of detecting Ransomware. Count Protection is the secondary "Double Protection" that is optional. Count Protection is a very thorough and sensitive method and should be used when you want the most extreme protection from Ransomware. Count Protection can also have false positives at times.
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist touching. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!
Count Protection (Pro Version Only)
Count Protection is a feature in the Pro version that offers double protection to your machine from Ransomware. This option is extremely sensitive and is the highest setting currently available to protect your files. CryptoMonitor Count Protection will constantly scan processes and use heuristics to categorize them into absolute trusted, unknown, and suspicious. While doing this, Count Protection will also log every time a process that isn't trusted calls APIs to modify a personal file. Depending on the setting you choose, when the process modifies over a certain number of personal files in under a certain time, a flag is raised and CryptoMonitor will prompt you to take action.
For example: In my settings I may set it so that Count Protection only lets untrusted processes modify 5 files in under 2 minutes. Now, if CryptoWall.exe modifies 6 files within 2 minutes, which it could easily do, then the machine would become locked and action needs to be taken.
Unfortunately, this protection method could lead to false positives due to backup software or other mass file manipulation programs. For this reason, we have included the ability to whitelist executables that may exhibit this behavior.
CryptoMonitor supports 2 types of alerting systems besides the prompt that is shown on screen when an infection is detected. These 2 types of alerts are Emails (Free and Pro) and Text Messages (Pro only). If set up in CryptoMonitor's settings, any time a Ransomware flag is found and the machine gets locked down, an alert would be sent to either your email, phone, or both if set up this way.
To use these 2 Alerting systems, you must supply CryptoMonitor Settings with the SMTP information of an email account you plan to use to send these alerts from. This process may be a little confusing at first, but here is a great example of how to set up SMTP in an application like CryptoMonitor. If you get too confused, simply make a Gmail account and follow the directions, since you will only be using this email to send alerts from the application anyway. Setup SMTP in a application
Process Injection Check (Pro Version Only)
More and more infections are injecting their code into legitimate processes rather than launching their own executable. This makes it harder for protection software, and even a person, to detect these computer infections because the injected processes look legitimate. Because whitelisting processes is possible with CryptoMonitor, we began to see an issue. What if the whitelisted application had malicious code injected into it? Then it would pass all our protection by being stealthy in a whitelisted app. With this in mind we created the Injection Check method in the Pro Version that checks for injected code, and if injected code is found, it is then treated as a hostile process and no longer a whitelisted one.
LockMode (Pro Version Only)
LockMode is a Pro version feature that is triggered when CryptoMonitor could not Kill/Remove an infection right away. When LockMode is enabled, all modifications to your system are blocked until the infection can be removed manually or by a professional. Once this is complete you may turn off LockMode at any time. Think of it as your PC's FallOut Plan.
CryptoMonitor License Type Comparison
CryptoMonitor has a Free version and a PRO version. The main difference between the free version and PRO is that the free version will not be able to protect you against encrypting Ransomware that injects malicious code into legitimate processes. In the free version, if a ransomware launches its own executable, then CryptoMonitor will attempt to terminate the process and alert you when behavioral flags are tripped. On the other hand, if the ransomware injects code into a legitimate process, then the free version will alert you but not be able to prevent the encryption from happening or terminate the legitimate process. The Pro version, though, would be able to protect you from both types of Ransomware.
Below is a list of the features of the Free and Pro versions.
CryptoMonitor Free features:
- Entrapment Protection as described above
- Email alerts
- The ability to automatically terminate malware processes when encryption attempts are detected. This does not protect you from injected processes.
Additional PRO only features:
- LockDown Mode (Keeps any processes from making changes to files if CryptoMonitor could not remove the threat, until a professional can remove it.)
- Ability to kill and block injected malicious code in legitimate processes.
- Blocks file modification until you make a decision on whether the process is a threat or not.
- Ability to remove the threat after CryptoMonitor has killed it.
- Count Protection (Double protection from Ransomware by monitoring how many files are modified.)
- Ability to send Text Alerts when an infection flag is found.
- Check processes for malicious code injection.
Videos of CryptoMonitor in Action
EasySync CryptoMonitor - Preventing and removing CTB Locker Ransomware
EasySync CryptoMonitor - Preventing and removing CryptoFortress and Torrentlocker
EasySync CryptoMonitor - Preventing and removing CryptoFortress and Torrentlocker 2
EasySync CryptoMonitor - Preventing and removing CryptoLocker Generic Ransomware
EasySync CryptoMonitor - Free Version Infection Pop up
Edited by Nathan, 01 July 2015 - 09:26 PM.
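The Count Protection rule described above (an untrusted process may modify 5 personal files in under 2 minutes, the 6th raises a flag, whitelisted executables are exempt) can be sketched as a sliding-window counter. This is an added example, not CryptoMonitor's code: the class name, the file-extension list, the choice to count distinct files, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

PERSONAL_EXTS = (".docx", ".xlsx", ".jpg", ".pdf")  # assumed "personal file" types

class CountMonitor:
    """Flags a non-whitelisted process that modifies more than max_files
    distinct personal files in under window_s seconds."""
    def __init__(self, max_files=5, window_s=120, whitelist=()):
        self.max_files, self.window_s = max_files, window_s
        self.whitelist = {p.lower() for p in whitelist}
        self.recent = defaultdict(deque)  # process -> (timestamp, path) events
        self.flagged = set()

    def observe(self, ts, process, path):
        """Record one file-modification event; True when it trips the rule."""
        proc, path = process.lower(), path.lower()
        if proc in self.whitelist or proc in self.flagged:
            return False
        if not path.endswith(PERSONAL_EXTS):
            return False
        events = self.recent[proc]
        events.append((ts, path))
        # Drop events that are no longer "under window_s" before this one.
        while ts - events[0][0] >= self.window_s:
            events.popleft()
        # Count distinct files so repeated saves of one document do not add up.
        if len({p for _, p in events}) > self.max_files:
            self.flagged.add(proc)
            return True
        return False

def run_sample():
    """Constructed events: (seconds, process, path). Returns the flags raised."""
    docs = "C:\\Users\\alice\\Documents\\"
    events = [(i, "backup.exe", f"{docs}f{i}.docx") for i in range(10)]
    events += [(10 + i, "WINWORD.EXE", docs + "report.docx") for i in range(8)]
    events += [(20 + 10 * i, "CryptoWall.exe", f"{docs}p{i}.jpg") for i in range(6)]
    events += [(100 + 120 * i, "editor.exe", f"{docs}n{i}.pdf") for i in range(6)]
    mon = CountMonitor(max_files=5, window_s=120, whitelist=["backup.exe"])
    return [(ts, proc) for ts, proc, path in sorted(events)
            if mon.observe(ts, proc, path)]

if __name__ == "__main__":
    print(run_sample())
```

In the constructed sample, the whitelisted backup program and the word processor saving one document repeatedly stay quiet, while the process that touches a sixth distinct file inside the window is flagged.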