Attacking Shadow Copies featuring Cryptowall

Ransomware has started to delete and disable shadow copies through the Volume Shadow Copy Service (VSS) in order to encourage ransom payouts. See how VSS-attacking ransomware works and how to stop it.

Cryptowall is a perfect example of how modern ransomware is evolving: it uses new techniques to disable shadow copies on Windows machines, removing the ability to recover from local backups.

Cb Defense’s shadow copy protection prevents the disabling or removing of local backups.