Ransomware Vaccine Intercepts Requests to Erase Shadow Copies
2020-10-05 14:59

A newly released "vaccine" can stop certain ransomware families from erasing shadow copies, a step they take to prevent data recovery.

Dubbed "Raccine" and released by security researchers Florian Roth and Ollie Whitehouse, the vaccine targets ransomware families that leverage vssadmin.exe to delete all shadow copies on a compromised machine.

Raccine was designed to intercept the request to erase shadow copies, and also to kill the process that made the request.

Exe is invoked for the legitimate deletion or modification of shadow storage and refrain from using the vaccine if the Windows utility is frequently used.
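
The check for legitimate vssadmin.exe use can be run over process-creation logs before the vaccine is deployed. The following is an added example, not Raccine's code and not part of the original article; the record layout, the constructed sample events and the matching rules in `classify` are assumptions.

```python
import re
from collections import Counter

# Constructed sample records (parent image, command line), in the shape one
# might export from process-creation logging. Not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\cmd.exe", r"vssadmin.exe Delete Shadows /All /Quiet"),
    (r"C:\Program Files\BackupTool\agent.exe",
     r'"C:\Windows\System32\vssadmin.exe" resize shadowstorage /for=C: /on=C: /maxsize=10%'),
    (r"C:\Windows\System32\mmc.exe", r"vssadmin list shadows"),
    (r"C:\Program Files\BackupTool\agent.exe",
     r"C:\Windows\system32\vssadmin.exe delete shadows /for=C: /oldest"),
    (r"C:\Windows\explorer.exe", r"notepad.exe delete shadows.txt"),
]

# A token is either a double-quoted string or a run of non-whitespace.
TOKEN = re.compile(r'"[^"]*"|\S+')

def classify(command_line):
    """Return 'delete-shadows', 'resize-shadowstorage' or None (assumed rules)."""
    tokens = [t.strip('"').lower() for t in TOKEN.findall(command_line)]
    if not tokens:
        return None
    # Only the executable name of the first token counts, with or without a path.
    image = re.split(r"[\\/]", tokens[0])[-1]
    if image not in ("vssadmin", "vssadmin.exe"):
        return None
    args = set(tokens[1:])
    if {"delete", "shadows"} <= args:
        return "delete-shadows"
    if {"resize", "shadowstorage"} <= args:
        return "resize-shadowstorage"
    return None  # read-only subcommands such as "list shadows"

def audit(events):
    """Count deleting/resizing vssadmin invocations per (parent image, action)."""
    counts = Counter()
    for parent, cmdline in events:
        action = classify(cmdline)
        if action:
            counts[(parent.lower(), action)] += 1
    return counts

if __name__ == "__main__":
    for (parent, action), n in sorted(audit(SAMPLE_EVENTS).items()):
        print(f"{n:3d}  {action:22s} {parent}")
```

A parent process that shows up repeatedly here, such as the backup agent in the sample, is one whose routine jobs would be terminated once requests to erase shadow copies are intercepted.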


News URL

http://feedproxy.google.com/~r/Securityweek/~3/f0E184byhtE/ransomware-vaccine-intercepts-requests-erase-shadow-copies