Software to detect and stop ransomware
Software to detect and stop ransomware
CryptoStopper™ is proven ransomware detection software to stop actively running ransomware infections on Windows workstations and servers. Want to try it for yourself? Check out our free ransomware simulator to see how CryptoStopper™ works!
CryptoStopper™ uses deception technology to detect ransomware. During the installation process, decoy files are strategically deployed. We call these Watcher Files. When ransomware begins the encryption process, CryptoStopper™ detects it in real-time and takes action.
Cyber security tools don’t need to be over burdensome. CryptoStopper™ doesn’t require additional hardware for you to maintain. Our ransomware detection software will have you protected in a matter of minutes.
When ransomware attacks, CryptoStopper™ takes swift action. An administrative alert is sent to your security team with critical details about the attack. The infected workstation is automatically shutdown to prevent further network damage.
With the Watcher Files deployed, CryptoStopper™ is continually monitoring for nefarious encryption activity. Even if the Watcher Files are deleted they self-heal and are protecting you again in milliseconds.
Unlike Anti-Malware, CryptoStopper™ is signature-less. Because CryptoStopper™ is watching for the encryption action itself, it will always detect the activity of encryption rather than detecting the specific variant of ransomware running.
Ransomware can’t avoid tripping over the Watcher Files. The Watcher Files are randomly generated to avoid detection. We are continually researching the latest ransomware variants to ensure CryptoStopper™ remains unavoidable.
Give it a try to see if it fits your needs.
All our products come with a 60 day money-back guarantee. If within the first 60 days you are not satisfied with our software, we will issue a full refund of the purchase price.
Windows 8, Windows 8.1 & Windows 10
Microsoft Windows Server 2008 and later
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Signature based products like anti-virus are not able to detect zero-day threats and A\V is only about 43% effective. Ransomware gets past your traditional defenses by using social engineering attacks against the company employees whom are not consistently able to distinguish a phishing email from a valid email. To make matters worse fileless ransomware attacks only require an employee to visit a site to start a ransomware attack that runs solely in memory. No files touch the disk so A\V never detects it.
We offer a 60 day money back guarantee. No other guarantee.
Yes. CryptoStopper™ uses an algorithm to monitor specially crafted WatcherFiles™. When Ransomware attacks your server, CryptoStopper™ correlates the offending user and immediately isolates that user. It simultaneously notifies the admin via email.
Yes, we offer a 60 day money back guarantee.
The average time to detection is :09 seconds.
Instead of monitoring each endpoint with CryptoStopper™, we monitor the data that sits on the file server, and again once a threshold is met, we flag that as ransomware.
Setting the archive bit will not activate CryptoStopper™ since setting the archive bit doesn’t modify the file. The archive bit is simply an attribute of the file.
CryptoStopper™ is extremely lightweight. The software only monitors the files that it creates so it’s not burdened by watching thousands of files.
Yes. WatchPoint provides automatic updates to CryptoStopper.
A typical install will take 15 minutes or less.
No, your backup only updates the archive bit and doesn’t modify the file.
CryptoStopper™ will detect all ransomware.
No. The software is not a HIPs. We monitor the data to look for an excessive amount of changes. Once that threshold is met, we know it’s ransomware or possibly an anomaly that should be investigated immediately.
CryptoStopper™ should be installed on your server to monitor for infections.
Potentially, although the false positives should be minimal we have found instances where a program folder is located in the same path as a protected shared folder. If the software is reinstalled you will get a false positive.