Recently, attackers employing a CryptoLocker ransomware variant have been removing volume shadow copies on systems, disallowing the users from restoring those files and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.

Responding to CryptoLocker Ransomware

In this technical session from BSides Boston (viewable in the video below), Carbon Black’s Ryan Nolette discusses the ins and outs of shadow copies, reveal how attackers are using them to encrypt files for ransom and then discuss ways you can quickly, and easily, detect and respond to these kinds of CryptoLocker ransomware attacks.