Software to detect and stop ransomware


CryptoStopper™ Product Tour

Stop actively running ransomware with our detection software

CryptoStopper™ is proven ransomware detection software to stop actively running ransomware infections on Windows workstations and servers. Want to try it for yourself? Check out our free ransomware simulator to see how CryptoStopper™ works!

See WannaCry and CryptoStopper™ work in real time

Watch CryptoStopper™ detect and respond to a WannaCry ransomware attack.

CryptoStopper™ DESKTOP

For most desktop and laptop computers
$1.30/mo per machine

Protect and STOP malicious
ransomware processes


Auto-terminates processes

File-less detection

Compatible with:

Try it FREE for 14 days!

Give it a try to see if it fits your needs.

Buy with confidence

All our products come with a 60 day money-back guarantee. If within the first 60 days you are not satisfied with our software, we will issue a full refund of the purchase price.

Feature Comparison

Feature Comparison

Always-on protection
Active defense
Signature-less detection
Deception technology
Server protection
System Requirements

CryptoStopper™ System Requirements

CryptoStopper Workstation

Windows 7

  • Service Pack 1
  • WMF 3.0
  • 64-bit versions, Windows6.1-KB2506143-x64.msu
  • 32-bit versions: Windows6.1-KB2506143-x86.msu

Windows 8, Windows 8.1 & Windows 10

  • No Prerequisites

CryptoStopper Server

Microsoft Windows Server 2008 and later

  • SBS not supported

Windows Server 2008

  • Service Pack 2
  • WMF 3.0 (KB2506146-x64.msu)

Windows Server 2008 R2

  • Service Pack 1
  • WMF 3.0 (KB2506143-x64.msu)

Windows Server 2012

  • No minimum requirements, its ready to go.


Network Requirements – Domain Environment

Still not sure?

If you’re not quite ready to buy, you can start a trial or you can learn more about ransomware and what CryptoStopper™ does to protect you.

Frequently Asked Questions

Why do I need another protection?

Signature based products like anti-virus are not able to detect zero-day threats and AV is only about 43% effective. Ransomware gets past your traditional defenses by using social engineering attacks against the company employees whom are not consistently able to distinguish a phishing email from a valid email. To make matters worse fileless ransomware attacks only require an employee to visit a site to start a ransomware attack that runs solely in memory. No files touch the disk so AV never detects it.

Do you guarantee protection?

We offer a 60 day money back guarantee. No other guarantee.

Will CryptoStopper™ isolate the offending workstation automatically?

Yes. CryptoStopper™ uses an algorithm to monitor specially crafted WatcherFiles™. When Ransomware attacks your server, CryptoStopper™ correlates the offending user and immediately isolates that user. It simultaneously notifies the admin via email.

Do you offer a guarantee on CryptoStopper™?

Yes, we offer a 60 day money back guarantee.

How quickly will CryptoStopper™ work to stop a ransomware attack?

The average time to detection is :09 seconds.

How does CryptoStopper™ continuously monitor a system for ransomware?

Instead of monitoring each endpoint with CryptoStopper™, we monitor the data that sits on the file server, and again once a threshold is met, we flag that as ransomware.

What if the archive bit is set?

Setting the archive bit will not activate CryptoStopper™ since setting the archive bit doesn’t modify the file. The archive bit is simply an attribute of the file.

What is the Performance Impact?

CryptoStopper™ is extremely lightweight. The software only monitors the files that it creates so it’s not burdened by watching thousands of files.

Will CryptoStopper™ automatically update?

Yes. WatchPoint provides automatic updates to CryptoStopper.

How long does it take to install CryptoStopper™?

A typical install will take 15 minutes or less.

Do you have a PC version of CryptoStopper™?

Yes, we have a beta version available now. Click here to download.

Will my backup trigger CryptoStopper™?

No, your backup only updates the archive bit and doesn’t modify the file.

Is CryptoStopper™ similar to a Host-based Intrusion Protection System?

No. The software is not a HIPs. We monitor the data to look for an excessive amount of changes. Once that threshold is met, we know it’s ransomware or possibly an anomaly that should be investigated immediately.

What if the infection happens directly on the server?

CryptoStopper™ should be installed on your server to monitor for infections.

Will I receive false positives from CryptoStopper™?

Potentially, although the false positives should be minimal we have found instances where a program folder is located in the same path as a protected shared folder. If the software is reinstalled you will get a false positive.