Deletion of Volume Shadow Copies via WMI with PowerShell - PS Script (c1337eb8-921a-4b59-855b-4ba188ddcc42)
Detects deletion of Windows Volume Shadow Copies by PowerShell code that uses Get-WMIObject. This technique is used by numerous ransomware families, such as Sodinokibi/REvil.