New ransomware vaccine kills programs wiping Windows shadow volumes

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program,

Every day, Windows will create backups of your system and data files and store them in Shadow Volume Copy snapshots.

These snapshots can then be used to recover files if they are mistakenly changed or deleted.

As ransomware infections do not want victims to use this feature to recover files for free, one of the first things they do when executed is to delete all Shadow Volume copies on the computer.

Read more…
Source: Bleeping Computer