CryptoStopper FAQ

Posted by Chris Hartwig on May 5, 2016 2:40:42 PM

QUESTION: Will CryptoStopper isolate the offending workstation automatically?

ANSWER: Yes. CryptoStopper uses an algorithm to monitor specially crafted WatcherFiles. When ransomware attacks your server, CryptoStopper identifies the offending user and immediately isolates that user. It simultaneously notifies the admin via email.

QUESTION: Do you have a PC version of CryptoStopper?

ANSWER: Yes, we have a beta version available now.

 

QUESTION: Will CryptoStopper automatically update?

ANSWER: Yes. WatchPoint provides automatic updates to CryptoStopper.

 

QUESTION: Do you offer a guarantee on CryptoStopper?

ANSWER: Yes. We offer a 60-day money-back guarantee.

 

QUESTION: How long does it take to install CryptoStopper?

ANSWER: A typical install will take 15 minutes or less.

 

QUESTION: Will my backup trigger CryptoStopper?

ANSWER: No. Your backup only updates the archive bit and doesn’t modify the file.

 

QUESTION: How quickly will CryptoStopper work to stop a ransomware attack?

ANSWER: The average time to detection is 17 seconds.

 

QUESTION: Does this software detect only CryptoLocker or will it find the other ransom problems as well?

ANSWER: CryptoStopper will detect all ransomware.

 

QUESTION: How does CryptoStopper continuously monitor a system for ransomware?

ANSWER: Instead of monitoring each endpoint with CryptoStopper, we monitor the data that sits on the file server. Once a threshold is met, we flag the activity as ransomware.

 

QUESTION: Is CryptoStopper similar to a Host-based Intrusion Protection System?

ANSWER: No. The software is not a HIPS. We monitor the data to look for an excessive number of changes. Once that threshold is met, we know it's ransomware or possibly an anomaly that should be investigated immediately.

 

QUESTION: What if the archive bit is set?

ANSWER: Setting the archive bit will not activate CryptoStopper since setting the archive bit doesn’t modify the file. The archive bit is simply an attribute of the file.
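
The threshold and archive-bit answers above can be illustrated with a small content-hash canary monitor. This is an added example, not WatchPoint's code or algorithm; `CanaryMonitor`, the file names and the threshold of 3 are hypothetical, and `os.utime`/`os.chmod` stand in for a backup toggling the archive bit.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of the file content, or None if the file is gone (deleted/renamed)."""
    try:
        return hashlib.sha256(path.read_bytes()).hexdigest()
    except FileNotFoundError:
        return None

class CanaryMonitor:
    """Baselines canary files by content hash and alerts at a change threshold."""
    def __init__(self, paths, threshold):
        self.baseline = {Path(p): digest(Path(p)) for p in paths}
        self.threshold = threshold  # assumed value; tune per share

    def changed(self):
        # Metadata (timestamps, attributes) is never read, only content.
        return [p for p, h in self.baseline.items() if digest(p) != h]

    def alert(self):
        return len(self.changed()) >= self.threshold

def demo():
    with tempfile.TemporaryDirectory() as d:
        canaries = []
        for i in range(5):  # constructed sample canaries
            p = Path(d) / f"canary_{i}.docx"
            p.write_bytes(b"constructed canary content %d" % i)
            canaries.append(p)
        mon = CanaryMonitor(canaries, threshold=3)
        # Metadata-only pass: stand-in for a backup setting the archive bit.
        for p in canaries:
            os.utime(p, (0, 0))
            os.chmod(p, 0o600)
        after_backup = mon.alert()
        # A single legitimate edit stays below the threshold.
        canaries[0].write_bytes(b"edited by a user")
        after_single_edit = mon.alert()
        # Bulk rewrite plus rename, the pattern a mass-encryption run produces.
        for p in canaries[1:4]:
            p.write_bytes(os.urandom(64))
            p.rename(p.with_suffix(".locked"))
        after_bulk = mon.alert()
        return after_backup, after_single_edit, after_bulk, len(mon.changed())

if __name__ == "__main__":
    print(demo())
```
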


QUESTION: What if the infection happens directly on the server?

ANSWER: CryptoStopper should be installed on your server to monitor for infections.


QUESTION: What is the performance impact?

ANSWER: CryptoStopper is extremely lightweight. The software only monitors the files that it creates, so it's not burdened by watching thousands of files.

 

QUESTION: Will I receive false positives from CryptoStopper?

ANSWER: Potentially. Although false positives should be minimal, we have found instances where a program folder is located in the same path as a protected shared folder. If the software is reinstalled, you will get a false positive.

 
