The CryptoLocker ransomware has been in the news recently. It is malware that uses email attachments as a vector to spread. It arrives as an executable file disguised as a PDF file, packed into a zip attachment. When it is opened, it encrypts the user’s data on all the local hard drives of the system. While there may be several other tools and security software that may help protect you from the CryptoLocker ransomware, one good free anti-ransomware tool which comes to my attention was HitmanPro.Alert.
While having a fully updated operating system, browser along with an antivirus or security software is generally more than enough to protect any Windows computer, if you are looking for an additional layer to security you may want to check out HitmanPro.Alert.
HitmanPro.Alert Review
HitmanPro.Alert is a free browser integrity & intrusion detection tool that alerts users when online banking and financial transactions are no longer safe. The latest version HitmanPro.Alert 2.5 also contains a new feature, called CryptoGuard that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized, and your files remain safe from harm.
HitmanPro.Alert focuses on keeping your system safe from banking trojans. HitmanPro.Alert will instantly detect over 99% of all known and new banking Trojans & Man-in-the-Browser malware and automatically inform users when critical system functions are diverted to untrusted programs. When you bank or shop online or remotely connect to your office, cybercriminals try to target the vulnerabilities in your browser, plug-ins and operating system and silently infect your computer. HitmanPro.Alert will immediately alert you if it detects any intrusions.
The newly introduced CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files – without requiring any user interaction. ThusHitmanPro’s CryptoGuard can protect you against the CryptoLocker ransomware, which encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files. The moment any attempt is made to change the status of the files, you will be alerted. It works at the file system level and does not conflict with a full disk encryption software like BitLocker, TrueCrypt, etc.
Once you have downloaded and installed HitmanPro.Alert, you will find that it sports a clean simple interface. Clicking on the Settings button will open the settings box, where you can configure the options.
If you open the Program Folder, you will see a single small hmpalert application file. The tool runs a HitmanPro.Alert service in the background which utilizes near-nil resources. The description for this service reads as Web browser intrusion detection, real-time and forensics-based, watching for banking trojans and Man-in-the-Browser attacks.
Now every time you open your browser, you will see a small notification for a few seconds saying that HitmanPro.Alert is watching your browser.
If any browser intrusion is detected, you will receive an alert.
When CryptoGuard intercepts an attack on your personal files, it presents you with an Alert message. When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.
HitmanPro.Alert will not help you remove the malware should your computer get infected. You will have to use a security scanner software to remove it. What this tool does, is that it instantly alerts you if it detected malware activities when you are browsing & try to disable it – and this can be especially useful if you are carrying out sensitive financial or banking transactions. The vaccination feature makes most sandbox-aware malware disable itself. It can protect you against CryptoLocker Ransomware and financial trojans like Zeus, Shylock, SpyEye, Sinowal, Ice-IX, Citadel, Cridex, Carberp, Tinba and many more.
HitmanPro.Alert supports almost all browsers and runs on all the recent versions of Windows,. You can download it from here. Do note that HitmanPro.Alert 2.5 is currently in beta.
CryptoPrevent is another handy tool that provides your computer a shield against Cryptolocker or any other kind of ransomware. HitmanPro.Kickstart from the same publishers will help remove Ransomware. CryptoLocker Tripwire stops Server service and VSS as soon as it detects CryptoLocker ransomware on a Windows system. This post on how to prevent Ransomware will suggest steps to take to stay protected and offer links to ransomware removal tools.
The CryptoLocker Decryption Tool may help you decrypt your Cryptolocker encrypted file.
I’m going to give this a try as not even Comodo Dragon having Bitdefender phishing detector extension warned me about a link to a site which a colleague in antimalware research had found infected with Cryptolocker; the site probably has been cleaned by now, but not when I Googled its link…a European Netflix-type site; needless to say, I didn’t feel lucky enough to see if my otherwise very tough security layers would also be fooled by any Cryptolocker attack!
Hard though it may be, don’t pay ANY ransoms even to Cryptolocker; if many do pay, it’ll only encourage even more development/deployment of such scumware. I can add only that if Cryptolocker gets on a system, it can be manually neutralized by most antimalware techs/proficient users, then removed by say Malwarebytes; if any files are still encrypted, you can try using a restore point (actually, works better if you have apps like ShadowExplorer working if you have a VSS-enabled OS), or you can try right-clicking an affected file, going to Properties, and seeing if it has previous versions and if so thus revert the file to a useable state.
Thanks for the tip on HitmanPro!
Thanks for the info about “Hitman Pro” Andy I will download and install it to test it on one of my PC’s before installing on the others. If it does a says then this will be a [another] worthwhile security program to have. More so if it can catchwarn about the likes of cryptolocker.
Dan
Thanks for the info regarding cryptolocker [possible] repairfix
Erniek
You and all on earth are always welcome, when it comes to tips against malware as I find new ones. BTW, I’ve had this Hitman product on a Windows 7 Home Premium SP1 64 bit since my original comment, and so far OS/security apps/everything else has no conflicts as yet, and the Hitman Pro app does seem capable of blocking Cryptolocker (use a competent AV updated scanner to remove if Hitman blocks it).
EDIT: I forgot to mention that working on basic/home premium is important, in that many ransomware blockers require the group policy editor feature to do their blocking (they watch gpe objects, and basic/home premium don’t have gpe). It appears HitMan Pro’s blocker is object-agnostic, instead simply looking at what is being attempted with ANY file, period. If anyone has problems running Hitman’s beta, the only other free ransomware blocker not using gpe I know of is “CryptoPrevent” by Foolish IT; free version has to be manually updated, its paid version auto-updates, but please know I myself haven’t used it nor have I seen tests on it.
Dan
I have downloaded and installed CryptoPrevent. It was straight forward installation without any extras or hassles. The Premiumversion (special offer of under £10.00 in UK) thus enabling me to get auto updates for it.
When first installed there are 3 boxes out of 4 pre-selected
“Protect %appdata% –
fake file extension executables – &
whitelist exe’s
The one not selected by default is
“block temp extracted executables’ in archive files”
but easy to select this as well for maximum security.
Erniek
Would it be worthwhile to install both Hitman-pro-alert and CryptoPrevent?
I guess also have Malwarebytes sfw with a good anti-virus installed…
Joe
I don’t know if it is possible to run both together or not but I have now been running CryptoPrevent for the past 6 – 7 days and there is no slowdown on system[s] (installed on 3 PC’s). As for just how secureeffective it is I will not know unless I get hit [which is something I don’t really want to test out :-)]. So no [visible] activity, I suppose, is a good sign. It does not [seem] to interfere with other security programs either.
ErnieK
I would probably recommend that you do not run both Hitman-Pro-Alert and CryptoPrevent – no need anyway!
So, given the choice between HitmanPro.Alert and CryptPrevent, as it’s apparent there is no need for both, which is the choice.
All of my systems run either Professional or Enterprise versions of Windows.
I have deployed CryptoPrevent and AVG Cloud Care (content filtering) at client offices, I am also considering switching them to OpenDNS as another layer of precaution. The three together should be sufficient in prevention, in my humble opinion.
Both maybe effective, but I decided to go with CryptoPrevent.
Although this is a bit dated, with the addition of new ransomware each day, I find it appropriate to address.
HitmanPro.Alert 2.6.5 and CryptoPrevent can most definitely be used to complement one another. Please see the following link for a detailed explanation from a developer:
http://www.bleepingcomputer.com/forums/t/513182/cryptoguard-prevents-your-files-from-being-taken-hostage/