CyberNews Briefs

Ransomware Vaccine Intercepts Requests to Erase Shadow Copies

A new ransomware “vaccine” could transform the way organizations treat cyberattacks, preventing certain ransomware families from erasing shadow copies and promoting data recovery. The technology, which has been named “Raccine,” targets ransomware families that leverage the command vssadmin.exe to delete shadow copies on the targeted machine. The preventative software was released by security researchers Ollie Whitehouse and Florian Roth.

vssadmin.exe is a legitimate Windows utility that lets users administer shadow copies. However, ransomware variants often abuse it to erase all shadow copies. Raccine can intercept the erasure request and kill the process that made the request. Raccine is a tool compatible with all Windows devices dating back to 2000.
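A defender can approximate the check described above in process-creation telemetry. The following is an added example, not Raccine's code and not part of the original brief: it flags vssadmin invocations that request shadow-copy deletion and reports the parent process that made the request. The event tuple layout, the sample events and the function names are assumptions made for illustration.

```python
import ntpath
import shlex

# Constructed process-creation events (pid, parent pid, command line).
# These are sample values for illustration, not real telemetry.
SAMPLE_EVENTS = [
    (4120, 3388, r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'),
    (4121, 3388, r'vssadmin list shadows'),
    (4122, 912, r'C:\Windows\System32\VSSADMIN.EXE delete shadows /for=C: /oldest'),
    (4123, 912, r'notepad.exe C:\notes\delete shadows.txt'),
]


def is_shadow_delete(command_line):
    """Return True when the command line runs vssadmin with 'delete shadows'."""
    try:
        # posix=False keeps backslashes in Windows paths intact.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        # Unbalanced quotes: fall back to whitespace splitting.
        tokens = command_line.split()
    if not tokens:
        return False
    # Compare on the image name only, case-insensitively, with or without .exe.
    image = ntpath.basename(tokens[0].strip('"')).lower()
    if image not in ("vssadmin", "vssadmin.exe"):
        return False
    args = [t.strip('"').lower() for t in tokens[1:]]
    # The first two non-switch arguments carry the requested action.
    words = [a for a in args if not a.startswith("/")]
    return words[:2] == ["delete", "shadows"]


def flag_requesters(events):
    """Return the sorted parent PIDs that requested shadow-copy deletion."""
    return sorted({ppid for _pid, ppid, cmd in events if is_shadow_delete(cmd)})


if __name__ == "__main__":
    for pid, ppid, cmd in SAMPLE_EVENTS:
        if is_shadow_delete(cmd):
            print(f"ALERT pid={pid} parent={ppid}: {cmd}")
```

This sketch only reports; it matches on the image name, so a renamed copy of the utility would not be caught by it.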


OODA Analyst
