Protect against CryptoLocker Ransomware
Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, disallowing the users from restoring those files and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.
In this technical session from BSides Boston (viewable in the video below), Carbon Black’s Ryan Nolette discusses the ins and outs of shadow copies, reveal how attackers are using them to encrypt files for ransom and then discuss ways you can quickly, and easily, detect and respond to these kinds of attacks.
Source: Carbon Black Blog