Anti-ransomware Module

Businesses are quickly becoming aware of crypto ransomware because of its disruptive nature. It disrupts business operations by encrypting files and holding them "hostage" until the ransom is paid. In our experience, compromised file shares and computers that operate equipment have the greatest impact on business operations.

Hipara protects you by preventing what ransomware must do in order to succeed: encrypt. When an untrusted process attempts to encrypt files, we suspend that process and notify your security team.

How is Hipara able to do this? Hipara uses our kernel-mode driver to monitor file operations. When a file is opened in write mode, we check whether the process is trusted. If it is not trusted, we take a backup of the file. When the file is modified, various algorithms* are run to determine whether the file is encrypted. If the file is encrypted, we suspend the process, restore the backup file, and send a notification to Hipara Server.
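The flow described above, as an added user-space sketch that is not Hipara's code: the page does not name its algorithms, so Shannon entropy, the 7.5 bits-per-byte threshold, the before/after comparison, and the names `guarded_write` and `looks_encrypted` are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, not a Hipara value

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    # Compressed formats are high-entropy before any write, so flag only a
    # jump from below the threshold to above it (an assumption of this sketch).
    return (shannon_entropy(before) < ENTROPY_THRESHOLD
            and shannon_entropy(after) >= ENTROPY_THRESHOLD)

def guarded_write(path: str, new_content: bytes, trusted: bool) -> str:
    """Mimic the flow: back up on open-for-write, inspect after the write."""
    backup = None
    if not trusted:
        with open(path, "rb") as f:
            backup = f.read()          # backup taken before the untrusted write
    with open(path, "wb") as f:
        f.write(new_content)
    if backup is not None and looks_encrypted(backup, new_content):
        with open(path, "wb") as f:
            f.write(backup)            # restore; a driver would also suspend and notify
        return "blocked"
    return "allowed"

def demo() -> list:
    # Constructed sample data: plain text, and SHA-256 output standing in for ciphertext.
    text = b"Quarterly invoice totals for the finance share.\n" * 100
    fake_cipher = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report.txt")
        with open(path, "wb") as f:
            f.write(text)
        results = [guarded_write(path, text + b"One more line.\n", trusted=False),
                   guarded_write(path, fake_cipher, trusted=False)]
        with open(path, "rb") as f:
            results.append(f.read() == text + b"One more line.\n")
    return results
```

Entropy alone cannot tell ciphertext from a file that was already compressed, which is one reason a detector would combine several checks rather than rely on a single one.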

Never have your business operations held hostage by cyber criminals. Protect yourself with Hipara today!

* This work was originally based on Patrick Wardle's blog post and is being adapted for speed and improved detection.

Some crypto ransomware families Hipara protects you from:

.CryptoHasYou. 777 7ev3n 7h9r 8lock8
Alfa Ransomware Alma Ransomware Alpha Ransomware AMBA Apocalypse
ApocalypseVM AutoLocky BadBlock BaksoCrypt Bart
BitCryptor BitStak BlackShades Crypter Blocatto Booyah
Brazilian BrLock Browlock BuyUnlockCode Cerber
Chimera CoinVault Coverton Cryaki Crybola
CryFile CryLocker CrypMIC Crypren Crypt38
Cryptear CryptFIle2 CryptInfinite CryptoBit CryptoDefense
CryptoFinancial CryptoGraphic Locker CryptoHost CryptoJoker CryptoLocker
CryptoMix CryptoRoger CryptoShocker CryptoTorLocker2015 CryptoWall 1
CryptoWall 2 CryptoWall 3 CryptoWall 4 CryptXXX CryptXXX 2.0
CryptXXX 3.0 CryptXXX 3.1 CTB-Faker CTB-Locker CuteRansomware
DeCrypt Protect DEDCryptor DetoxCrypto DirtyDecrypt DMALocker
DMALocker 3.0 Domino EDA2 / HiddenTear EduCrypt El-Polocker
Enigma Fakben Fantom Fonco FSociety
Fury GhostCrypt Globe GNL Locker Gopher
Harasom Herbst Hi Buddy! Hitler HolyCrypt
HydraCrypt iLock iLockLight International Police Association JagerDecryptor
Jeiphoos Jigsaw Job Crypter KeyBTC KEYHolder
Korean Kozy.Jozy KratosCrypt KryptoLocker Locker
Locky Lortok LowLevel04 Magic MaktubLocker
MIRCOP MireWare Mischa MM Locker Mobef
NanoLocker NoobCrypt ODCODC Offline ransomware OMG! Ransomware
Operation Global III PadCrypt PClock PizzaCrypts PokemonGO
PowerWare PowerWorm PRISM R980 RAA encryptor
Radamant Rannoh Ransom32 Rector RektLocker
RemindMe Rokku Samas-Samsam Sanction Satana
Scraper Serpico Shark ShinoLocker Shujin
Simple_Encoder SkidLocker / Pompous Smrss32 SNSLocker Sport
Stampado Strictor Surprise SynoLocker SZFLocker
TeslaCrypt 0.x - 2.2.0 TeslaCrypt 3.0+ TeslaCrypt 4.1A TeslaCrypt 4.2 Threat Finder
TorrentLocker TowerWeb Toxcrypt Troldesh TrueCrypter
Turkish Ransom UmbreCrypt Ungluk Unlock92 VaultCrypt
VenusLocker Virlock Virus-Encoder WildFire Locker Xorist
XRTN Zcrypt Zimbra Zlader / Russian Zyklon

Thanks to the great work done by @nyxbone for the list of ransomware families. Check out his original list at: http://www.nyxbone.com/malware/RansomwareOverview.html

Brett Cunningham
