
CryptoMonitor - Stop all known crypto-ransomware before it encrypts your data!


365 replies to this topic

#1 Nathan

Nathan

    DecrypterFixer


  • Security Colleague

Posted 03 April 2015 - 11:56 AM


http://www.easysyncsolutions.com/

 

 

 


Useful information!
CryptoMonitor PRO is now free for all users temporarily. Get protection against ransomware today for free!

 

 


Useful information!
All bugs and issues that were present in V1 of CryptoMonitor have now been fixed in CryptoMonitor V2. Thanks for your patience, and thanks to all the members who helped get CryptoMonitor to a stable build!

 

 

CryptoMonitor is a new Anti-Ransomware solution that was developed to protect your computer or server against the wave of encrypting Ransomware that has been in the wild the last few years. These infections, like CryptoWall, CryptoLocker, CTB Locker, CryptorBit, KeyHolder, TELSA, Operation Global, TorrentLocker, CryptoDefense, ZeroLocker (and many, many more), will use numerous exploits or other methods to get onto the victim's machine and, once launched, encrypt/lock all personal files. When completed, the Ransomware will then hold true to its name and demand a ransom in order to get your files back, or forever face life without them.

All too often victims do not have backups of their files, cannot or will not pay the criminals, or their Anti-Virus software simply wasn't enough to prevent these attacks. With all of this in mind, CryptoMonitor was created to prevent your data being encrypted even when the ransomware bypasses your installed anti-virus solution.

CryptoMonitor does not rely on definitions to protect you from encrypting ransomware, but instead relies on behavioral detection that allows it to detect encrypting ransomware before it has a chance to encrypt your data. With this type of approach, even brand new crypto-ransomware infections will be stopped in their tracks without you having to worry about updates to the software. In fact, 90% of the time CryptoMonitor will lie in your system tray silently protecting you until the day you need it, and if that day comes your data will be safe.

 

 

Supported Operating Systems:

Windows XP - Windows 10

 

 

Download CryptoMonitor now!

 

Protection Overview

 


 

CryptoMonitor currently has 2 types of protection included in it (there will be add-on protection methods in the future). These protection methods are called Entrapment Protection and Count Protection. Entrapment is the main protection method that is recommended to always be on, and is the quickest and most accurate way of detecting Ransomware. Count Protection is the secondary "Double Protection" that is optional. Count Protection is a very thorough and sensitive method and should be used when you want the most extreme protection from Ransomware. Count Protection can also have false positives at times.

Entrapment Protection
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist touching. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!

Count Protection (Pro Version Only)

Count Protection is a feature in the Pro version that offers double protection to your machine from Ransomware. This option is extremely sensitive and is the highest setting currently available to protect your files. CryptoMonitor Count Protection will constantly scan processes and use heuristics to categorize them into absolute trusted, unknown, and suspicious. While doing this, Count Protection will also log every time a process that isn't trusted calls APIs to modify a personal file. Depending on the setting you set, when the process modifies over a certain number of personal files, under a certain time, then a flag is raised and CryptoMonitor will prompt you to take action.

For example: In my settings I may set it so that Count Protection only lets untrusted processes modify 5 files in under 2 minutes. Now, if CryptoWall.exe modifies 6 files within 2 minutes, which it could easily do, then the machine would become locked and action needs to be taken.

Unfortunately, this protection method could lead to false positives due to backup software or other mass file manipulation programs. For this reason, we have included the ability to whitelist executables that may exhibit this behavior.

 

CryptoMonitor Alerts

CryptoMonitor supports 2 types of alerting systems besides the prompt that is shown on screen when an infection is detected. These 2 types of alerts are Emails (Free and Pro) and Text Messages (Pro only). If set up in CryptoMonitor's settings, anytime a Ransomware flag is found and the machine gets locked down, an alert would be sent to either your email, phone, or both if set up this way.

To use these 2 Alerting systems, you must supply CryptoMonitor Settings the SMTP information of an email you plan to use to send these alerts from. This process may be a little confusing at first, but here is a great example on how to set up SMTP in an application like CryptoMonitor. If you get too confused, simply make a GMAIL Acct. and follow the directions since you will only be using this email to send alerts from the application anyway. Setup SMTP in an application


 

 

Process Injection Check (Pro Version Only)

More and more infections are injecting their code into legitimate processes rather than launching their own executable. This makes it harder for protection software, and even a person, to detect these computer infections because the injected processes look legitimate. Because whitelisting processes is possible with CryptoMonitor, we began to see an issue. What if the whitelisted application had malicious code injected into it? Then it would pass all our protection by being stealthy in a whitelisted app. With this in mind we created the Injection Check method in the Pro Version that checks for injected code, and if injected code is found, it is then treated as a hostile process and no longer a whitelisted one.

 



LockMode (Pro Version Only)

 


 

LockMode is a pro version feature that happens when CryptoMonitor could not Kill/Remove an infection right away. When LockMode is enabled, all modifications to your system are blocked until the infection can be removed manually or by a professional. Once this is complete you may turn off LockMode at any time. Think of it as your PC's FallOut Plan.
 



CryptoMonitor License Type Comparison

 


 

CryptoMonitor has a Free version and a PRO version. The main difference between the free version and PRO, is that the free version will not be able to protect you against encrypting Ransomware that injects malicious code into legitimate processes. In the free version, if a ransomware launches its own executable, then CryptoMonitor will attempt to terminate the process and alert you when behavioral flags are tripped. On the other hand, if the ransomware injects code into a legitimate process, then the free version will alert you but not be able to prevent the encryption from happening or terminate the legitimate process. The Pro version, though, would be able to protect you from both types of Ransomware.

Below is a list of the features of the Free and Pro versions.


CryptoMonitor Free features:

  • Entrapment Protection as described above
  • Email alerts
  • The ability to automatically terminate malware processes when encryption attempts are detected. This does not protect you from injected processes.

Additional PRO only features:

  • LockDown Mode (Keeps any processes from making changes to files if CryptoMonitor could not remove the threat, until a professional can remove it.)
  • Ability to kill and block injected malicious code in legitimate processes.
  • Blocks file modification until you make a decision on if the process is a threat or not.
  • Ability to remove the threat after CryptoMonitor has killed it.
  • Count Protection (Double protection from Ransomware by monitoring how many files are modified.)
  • Ability to send Text Alerts when an infection flag is found.
  • Check processes for malicious code injection.

For more info or to buy CryptoMonitor Pro, please visit our site.

 

 

Videos of CryptoMonitor in Action

 

EasySync CryptoMonitor - Preventing and removing CTB Locker Ransomware

http://youtu.be/YpMPUx167as

 

EasySync CryptoMonitor - Preventing and removing CryptoFortress and Torrentlocker

https://youtu.be/tt4PAHF2jro

 

EasySync CryptoMonitor - Preventing and removing CryptoFortress and Torrentlocker 2

https://youtu.be/b_r3PY7Uu78

 

EasySync CryptoMonitor - Preventing and removing CryptoLocker Generic Ransomware

https://youtu.be/te9ZxpR4uqU

 

EasySync CryptoMonitor - Free Version Infection Pop up

https://youtu.be/YpMPUx167as


Edited by Nathan, 01 July 2015 - 09:26 PM.

Have you performed a routine backup today?
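
The Count Protection rule described in the post above (an untrusted process may modify at most 5 files in under 2 minutes, whitelisted executables are exempt unless the injection check flags them), as an added sketch that is not CryptoMonitor's code or part of the original post. The class and field names, the `injected` input and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from typing import NamedTuple

class FileWrite(NamedTuple):
    ts: float               # seconds since monitoring started
    process: str            # image name of the writing process
    path: str               # personal file that was modified
    injected: bool = False  # verdict of a separate injection check (assumed input)

class CountProtection:
    def __init__(self, max_files=5, window_s=120, whitelist=()):
        self.max_files = max_files
        self.window_s = window_s
        self.whitelist = {p.lower() for p in whitelist}
        self.recent = defaultdict(deque)  # process -> (ts, path) still inside the window

    def observe(self, ev):
        """Return True when this write pushes the process over the limit."""
        proc = ev.process.lower()
        # A whitelisted image stays trusted only while no injected code is reported.
        if proc in self.whitelist and not ev.injected:
            return False
        q = self.recent[proc]
        q.append((ev.ts, ev.path.lower()))
        while ev.ts - q[0][0] >= self.window_s:  # drop writes older than the window
            q.popleft()
        # Count distinct files so repeated saves of one document do not add up.
        return len({path for _, path in q}) > self.max_files

def first_flags(events, **settings):
    """Replay events in time order; return {process: timestamp of first flag}."""
    monitor, flags = CountProtection(**settings), {}
    for ev in sorted(events, key=lambda e: e.ts):
        if monitor.observe(ev):
            flags.setdefault(ev.process.lower(), ev.ts)
    return flags

# Constructed sample events (not real telemetry).
SAMPLE = (
    [FileWrite(i * 10, "CryptoWall.exe", f"C:/Users/a/doc{i}.docx") for i in range(6)]
    + [FileWrite(i, "backup.exe", f"C:/Users/a/pic{i}.jpg") for i in range(50)]
    + [FileWrite(i * 90, "notepad.exe", f"C:/Users/a/note{i}.txt") for i in range(8)]
    + [FileWrite(300 + i, "sync.exe", f"C:/Users/a/s{i}.xls", injected=True) for i in range(6)]
)

if __name__ == "__main__":
    print(first_flags(SAMPLE, whitelist=["backup.exe", "sync.exe"]))
```

Replaying the sample without a whitelist also flags `backup.exe`, which is the false-positive case the post attributes to backup and other mass file manipulation software.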


 


#2 alv117


Posted 03 April 2015 - 12:35 PM

Nathan, You are THE MAN Sir!       I'll be giving this a try today  :thumbup2:



#3 LeeWilt


Posted 03 April 2015 - 12:59 PM

Disabled my anti-virus. Installed CryptoMonitor (free). Launched, at end of install process. Received errors: "Could not install CryptoMonitor Driver! Error: Copy driver file to system folder failed, check if you have permission." After selecting OK received second message: "There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor." Running Windows 7 Pro, 64-bit. Logged in as an administrator.



#4 Nathan


Posted 03 April 2015 - 01:06 PM

Nathan, You are THE MAN Sir!       I'll be giving this a try today  :thumbup2:

 

Thanks for the kind words :) Let me know what you think!



#5 Nathan


Posted 03 April 2015 - 01:09 PM

Disabled my anti-virus. Installed CryptoMonitor (free). Launched, at end of install process. Received errors: "Could not install CryptoMonitor Driver! Error: Copy driver file to system folder failed, check if you have permission." After selecting OK received second message: "There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor." Running Windows 7 Pro, 64-bit. Logged in as an administrator.

 

Hello LeeWilt,

 

Sorry for the issue already! Don't worry, I believe you have run across a bug I haven't been able to reproduce in BETA.

 

Please go into your Program  Files directory and look for the folder "EasySync Solutions" and click on it. After this, click the next folder which will either say "EasySync FileMonitor" or "EasySync CryptoMonitor".

 

In this folder you will find "CryptoMonitor.exe", Please right click this file and click "Run as Admin".

 

Let me know if these steps help you!

 

Edited because 32 bit question was irrelevant, please continue to follow these steps :)


Edited by Nathan, 03 April 2015 - 01:16 PM.


#6 alv117


Posted 03 April 2015 - 02:25 PM

Nathan,

 

I had the same issue with installation (Win 8.1/64). I followed the instruction and it's now installed; if any issues arise I'll keep you informed.

 

 

Thanks Again!



#7 Nathan


Posted 03 April 2015 - 03:02 PM

Sorry guys, I accidentally had an old version on the download link on my site. This has since been fixed and an update has been pushed out.

 

If you would like the latest version, please either restart the application, or click "Check for updates".

 

After that, you should no longer have this issue! :)

 

CryptoMonitor 1.0.510.0 Update

 

- fixes multiple Driver Permission issues.

- Driver's stop function has been updated.



#8 alv117


Posted 03 April 2015 - 03:33 PM

Still getting this ...also program is not starting with windows automatically.

dQXNfi.png


Edited by alv117, 03 April 2015 - 03:35 PM.


#9 Nathan


Posted 03 April 2015 - 03:39 PM

Can you check your version of the details tab of the program when you right click the icon? Thanks :)



#10 alv117


Posted 03 April 2015 - 03:42 PM

I've got v 1.0.520.0

 

When I try to update I'm informed that I have the newest version.


Edited by alv117, 03 April 2015 - 03:45 PM.


#11 Nathan


Posted 03 April 2015 - 03:48 PM

Try now :) all should be well.



#12 Rocky Bennett


Posted 03 April 2015 - 03:55 PM

Has this been worked out yet? I am interested in trying.




#13 Nathan


Posted 03 April 2015 - 03:57 PM

The application is in production :) so try away. Although I will say that when dealing with a Ransomware logical enough to inject / Mainstream Ransomware, Pro will give the best results.



#14 alv117


Posted 03 April 2015 - 04:02 PM

:thumbup2: :thumbup2: :thumbup2: Seems to be working without errors now, I'll check to see if it starts with windows now.



#15 Nathan


Posted 03 April 2015 - 04:02 PM

:clapping:

Thanks for the update!

