Deletes volume snapshots ( via shell commands > “%WINDIR%\System32\cmd.exe” /c vssadmin.exe Delete Shadows /All /Quiet")
As far as I know, valkyrie is based on cuckoos sandbox . So it should be possible to create a corresponding indicator for Valkyrie as well . In this way, it would be possible to recognize the types of ransomware using these function calls , or respectively create a general indicator for the execution of shell commands .