Blog | G5 Cyber Security

New ransomware vaccine kills programs wiping Windows shadow volumes

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program. Ransomware infections do not want victims to use this feature, which allows files to be recovered if they are mistakenly changed or deleted. The Raccine ransomware vaccine works by registering the raccine.exe executable as a debugger for vssadmin.exe using the Image File Execution Options Windows registry key. The vaccine will monitor for the deletion of shadow volume copies using the vssadmin command.

Source: https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/
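
The debugger registration described above can be checked from PowerShell. This is an added example, not code from Raccine or the source article; it assumes the standard Image File Execution Options registry locations (64-bit and WOW6432Node views) and only reads them.

```powershell
# Added example (not Raccine's own code): list every Image File Execution
# Options "Debugger" registration and report the one for vssadmin.exe.
# Assumption: the standard IFEO locations under HKLM, read-only access.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        # The WOW6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Each subkey is named after an executable image; "Debugger" is
            # the value Windows consults when that image is launched.
            $debugger = $key.GetValue('Debugger')
            if ($null -ne $debugger) {
                [pscustomobject]@{
                    Image    = $key.PSChildName
                    Debugger = $debugger
                    Key      = $key.Name
                }
            }
        }
    }
}

$entries = @(Get-IfeoDebugger)
$entries | Format-Table -AutoSize -Wrap

# Report whether vssadmin.exe launches are currently intercepted, and by what.
$vss = $entries | Where-Object { $_.Image -ieq 'vssadmin.exe' }
if ($vss) {
    Write-Output "vssadmin.exe launches are redirected to: $($vss.Debugger -join '; ')"
} else {
    Write-Output 'No IFEO debugger is registered for vssadmin.exe.'
}
```

The table lists every image with a Debugger value, not only vssadmin.exe, so registrations you did not deploy yourself show up for review alongside the vaccine's entry.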
