We at Smart PC Utilities are very excited to announce the release of the second beta of our anti-ransomware software CryptoBuster. This new update brings a small but important set of changes and bug fixes that aim to improve the software’s performance and reliability and, therefore, the user experience.
In the following notes, you will get a summary of features, enhancements, and bug fixes brought by CryptoBuster v1.0.935. You can view the complete list of changes on the CryptoBuster release notes page.
What is New in the Anti-Ransomware Solution, CryptoBuster v1.0.935:
Added the ability to filter the CryptoBuster security events by their status in the Security History.
Added an option in the CryptoBuster settings that lets you turn off all of CryptoBuster’s features.
Improved the CryptoBuster dashboard.
CryptoBuster uninstaller can now delete all honeypots created by CryptoBuster.
CryptoBuster can now show alerts about license expiration.
Fixed a critical bug that caused the CryptoBuster service to crash on computers using languages other than English.
Fixed bugs in the CryptoBuster licensing system.
Several bug fixes.
CryptoBuster v1.0.823 Beta 1 has a known issue that affects the updates installer module; this will prevent CryptoBuster from installing this update automatically, so you will have to download and install the new version manually.
Ransomware is a type of malware that can encrypt the victim’s files, databases, or applications, and hold them for ransom. Once the ransomware finishes encrypting the victim’s files, the victim is asked to pay the ransom (usually in Bitcoin) to recover the encrypted files. Recent ransomware strains can take a copy of the victim’s data before encrypting it, then threaten to expose the data to the public if the victim refuses to pay the ransom.
Ransomware attacks are on the rise. According to SonicWall, ransomware volume jumped from 115.8 million attacks in Q1 to 188.9 million attacks in Q2. The top three ransomware strains seen in the wild by SonicWall are Ryuk, Cerber, and SamSam with the United States being the most targeted country. For that reason, knowing how to detect and stop ransomware becomes more critical than ever before.
Most users and companies already use software solutions such as antivirus software to defend against ransomware. However, these may fail to provide full protection, as many ransomware strains nowadays can evade such solutions. That is why using only antivirus software is no longer enough to keep your machine malware-free, and there is a need for additional techniques that form a second line of defense. One of those techniques is honeypots.
What Is a Ransomware Honeypot?
Honeypots are an effective technique to detect and stop ransomware attacks, thus protecting the user’s important data from permanent damage. Anti-ransomware honeypots are decoy files that users can create and deploy in various system locations that no program or user would ever tamper with. The system monitors the created honeypots and reacts if it detects any changes made to them. Since ransomware encrypts all files in every relevant folder, it would naturally also encrypt the honeypot files, thus alerting the system that a program is tampering with a honeypot.
To increase the effectiveness of honeypots in detecting and stopping ransomware, honeypots should meet the following criteria:
Create honeypot files with file extensions that are commonly targeted by ransomware like text files, Microsoft Office documents, PDF.
Create honeypot files with random names and content so that ransomware won’t bypass them.
Create honeypots with file names that would allow ransomware to target them before targeting the user’s real files.
Create honeypot files in folders to minimize the chance of accidentally changing them by legitimate users or programs.
Create honeypot files in as many system locations as possible.
You can easily create honeypot files yourself; however, you will need a program that can monitor the created honeypots, identify the process that changed a honeypot file, and react to honeypot changes. You can use a general-purpose file system monitoring program to do the job, but configuring it to monitor and react to honeypot changes will take a lot of work on your side. Alternatively, you can use our anti-ransomware solution CryptoBuster.
CryptoBuster has the following features that increase the effectiveness of honeypots:
Automates the creation and deployment of hundreds of honeypots in strategic system locations.
Uses optimized file names, extensions, and content for honeypot files to increase the effectiveness of honeypots.
Built-in tools to manage the created honeypot files.
Active monitoring of honeypots with a very low system footprint.
CryptoBuster can identify the process that changed the honeypot file.
CryptoBuster can be configured to react to honeypot changes with various actions like sending email notifications, suspending the suspicious process, or disabling the network.
In this guide, you will learn how to use CryptoBuster to create and manage honeypots; and how CryptoBuster reacts to honeypot changes.
Create Honeypots in CryptoBuster
In CryptoBuster, you can either create honeypot files manually, customizing their names, types, and locations, or you can use the Honeypots Wizard, which can create hundreds of honeypots with optimized file names and types in all important system locations.
To create a custom honeypot file manually, follow the steps below:
From the CryptoBuster dashboard, under the Honeypots section select Manage.
In the Honeypots Manager, click the Create File button located in the lower-right part of the CryptoBuster’s user interface.
In the New Honeypot File dialog box, specify the honeypot file name, location, type, and options, then click the OK button to create and register the honeypot file with CryptoBuster.
To create honeypots using the Honeypots Wizard, follow the steps below:
From the CryptoBuster dashboard, under the Honeypots section select Manage.
In the Honeypots Manager, click the Honeypots Creation Wizard link located in the lower-left part of the CryptoBuster’s user interface.
In the Honeypots Wizard, specify the locations where you want to create honeypots, then click the Create Honeypots button to create and register the new honeypot files with CryptoBuster.
Manage Ransomware Honeypots
Use the CryptoBuster Honeypots Manager to browse and manage all honeypots created and registered with CryptoBuster and get their details like names, locations, and types.
Use the Honeypots Manager to delete the created honeypots. DO NOT delete them directly or by using any other programs as CryptoBuster will flag this action as malicious and will suspend and terminate the process that deleted the honeypots and may force the computer to shut down.
CryptoBuster actively monitors honeypots for any unauthorized changes. If CryptoBuster detects that one or more of the created honeypots were changed, it will automatically apply the Honeypots Monitor actions that may include sending an email notification, suspending the program that changed the honeypot then terminating its process tree, and disabling all active network adapters (You can configure those actions in the CryptoBuster settings).
By default, CryptoBuster will terminate all processes and force the computer to shut down if three or more honeypot files were changed, as those changes strongly indicate an ongoing ransomware attack. Honeypots Monitor actions aim to protect your data and minimize the damage caused by ransomware.
CryptoBuster will also display a notification to inform the user about the changed honeypot file and which program changed it.
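The decoy criteria listed earlier and the three-file default described above can be tried out with a small polling checker. This is an added example, not CryptoBuster's code: the function names, the leading "!" in file names and the "ok"/"alert"/"shutdown" labels are assumptions, and unlike a full monitor it compares hashes on demand and cannot identify the process that made a change.

```python
import hashlib
import secrets
from pathlib import Path

EXTENSIONS = (".txt", ".docx", ".pdf")  # file types the page names as commonly targeted
SHUTDOWN_THRESHOLD = 3                  # the page's default: three or more changed honeypots


def deploy(folders, per_folder=3):
    """Create decoy files and return {path: sha256} as the monitoring baseline."""
    baseline = {}
    for folder in folders:
        folder = Path(folder)
        folder.mkdir(parents=True, exist_ok=True)
        for i in range(per_folder):
            # Assumption: a leading "!" sorts ahead of typical names in a
            # name-ordered listing, so the decoy is reached before real files.
            name = f"!{secrets.token_hex(4)}{EXTENSIONS[i % len(EXTENSIONS)]}"
            content = secrets.token_bytes(2048)  # random content, per the criteria
            path = folder / name
            path.write_bytes(content)
            baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline


def changed_decoys(baseline):
    """Return decoys that were modified, renamed or deleted since deployment."""
    changed = []
    for path, digest in baseline.items():
        try:
            current = hashlib.sha256(path.read_bytes()).hexdigest()
        except OSError:  # missing or unreadable: deletion and rename count as tampering
            current = None
        if current != digest:
            changed.append(path)
    return changed


def verdict(baseline):
    """Map the number of changed decoys to a response level."""
    n = len(changed_decoys(baseline))
    if n == 0:
        return "ok"
    return "shutdown" if n >= SHUTDOWN_THRESHOLD else "alert"
```

Store the baseline somewhere the monitored account cannot write to, otherwise a process that rewrites the decoys can rewrite the recorded hashes as well.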
Honeypots are an effective technique with very low false-positive chances to detect and respond to ransomware attacks before any real files have been encrypted. CryptoBuster automates the creation and monitoring of honeypots, thus increasing their effectiveness.
We at Smart PC Utilities are proud to announce the release of the first Beta of our new anti-ransomware solution CryptoBuster. We designed our new software solution to work with your existing security product to offer an additional security layer and form the last line of defense against ransomware to protect your valuable data from permanent damage.
CryptoBuster features a user-friendly interface that makes it very easy to use and customize; it also has a small system footprint so that it can run smoothly side by side with your existing security solution without affecting the system performance.
The current CryptoBuster Beta offers two main protection modules to help detect and stop ransomware, Honeypots and File Extensions Monitor.
Honeypots are decoy files that CryptoBuster uses to detect malicious activities on your computer; this is an efficient and proven technique with low false-positive chances to detect and stop ransomware when they start to encrypt the user files.
You can either create honeypots manually, customizing their names, locations, and file types, or you can take advantage of the Honeypots Wizard, which can deploy dozens of honeypot files in all critical system locations using custom names and file types that would allow ransomware to target those honeypots before it starts to encrypt the user’s files, thus protecting important data from being encrypted by ransomware.
CryptoBuster will instantly monitor the created honeypots and will notify you when an unauthorized program changes a honeypot file, as this strongly indicates malicious activity. Besides notifying the user about honeypot changes, CryptoBuster can be configured to respond to honeypot changes with a series of actions aimed at preventing data damage, like sending an email notification, suspending the program that changed the honeypot then terminating its process tree, and disabling all active network adapters.
Learn more about honeypots and how to use them to protect your computer from ransomware from the CryptoBuster user guide.
File Extensions Monitor
Besides Honeypots, which are effective at stopping ransomware when it starts to encrypt the user’s files, the File Extensions Monitor can monitor the file system to detect the creation of specific types of files that may indicate an ongoing ransomware attack, or sometimes the preparations for an attack.
For instance, CryptoBuster can detect the creation of files with extensions that are known to be used by ransomware to encrypt user files. You can also configure CryptoBuster to detect the creation of potentially dangerous files, like batch files and scripts, that are commonly used in ransomware attacks, or even to detect the creation of files of unknown types, which is an aggressive technique used to stop most of the ransomware strains that change file extensions.
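The three detection modes just described can be expressed as one classification function applied to each newly created file. This is an added example, not CryptoBuster's code: the function, its flags, the verdict labels and the short extension lists are assumptions made for illustration. It also goes one step beyond the text by always flagging an unrecognised extension appended to a known document type.

```python
from pathlib import PureWindowsPath

# Constructed sample lists for illustration; a real deployment maintains its own.
RANSOM_EXTS = {".locky", ".cerber", ".wncry"}
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js"}
KNOWN_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".exe", ".dll"}


def classify(filename, flag_scripts=True, flag_unknown=False):
    """Return a verdict for a newly created file, checking the strictest rule first."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if not suffixes:
        return "unknown-type" if flag_unknown else "allow"
    last = suffixes[-1]
    if last in RANSOM_EXTS:
        return "ransomware-extension"
    if flag_scripts and last in SCRIPT_EXTS:
        return "risky-script"
    if last not in KNOWN_EXTS | SCRIPT_EXTS:
        # An unrecognised suffix appended to a known document type
        # (budget.xlsx.a1b2) looks like an in-place rename after encryption.
        if len(suffixes) > 1 and suffixes[-2] in KNOWN_EXTS:
            return "appended-extension"
        # The aggressive mode from the text: flag any unknown file type.
        return "unknown-type" if flag_unknown else "allow"
    return "allow"


def scan(created_files, **policy):
    """Return (filename, verdict) for every created file that is not allowed."""
    results = [(name, classify(name, **policy)) for name in created_files]
    return [(name, v) for name, v in results if v != "allow"]
```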
Learn about the File Extensions Monitor and how to properly configure it to help detect ransomware from the CryptoBuster user guide.
We will continue to improve the existing CryptoBuster protection modules and introduce new ones; here are some features and ideas we are working on:
The development of a Windows Driver to intercept and block ransomware at the Kernel level.
Support the creation of honeypots and file monitoring in network shares.
New protection module to monitor services, scheduled tasks, and startup programs to prevent ransomware from achieving persistence.
Working on techniques to detect and prevent data exfiltration.
Please feel free to report any bugs and share any feedback and suggestions you have; this will greatly help us improve our software solution.
Microsoft Windows 11 v10.0.22000 and later.
Microsoft Windows 10 2004 and later (32-Bit and 64-bit).