Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can ransomware impact my backups on an external drive?

Question:

I’ve read that an external hard drive used for backups should not be left
connected to a PC as ransomware can encrypt what is on that as well as what is
on the computer. That would seem to be a problem with incremental backups. Can
ransomware do this? Does it apply to a full system backup as well as data
files? If so, is the only fall back position to disconnect the external hard
drive when working and to reconnect it but disconnect it from the internet each
night?

In this excerpt from
Answercast #89
, I look at the possibility that ransomware can infect other
drives connected to your computer and hold you at ransom.

]]>

Ransomware infecting external drives

So, there’s a lot of concern here – I get that. But, it’s not something I worry about on a daily basis for a couple of different reasons.

So let me answer the question that you asked.

Can ransomware infect external drives?

Can ransomware do this? In other words, can ransomware actually encrypt not only your main machine but your external hard drive at the same time so that you cannot access the information until you pay the ransom for the decryption key.

Can it? Absolutely, yes.

Does it? I’ve actually never heard of ransomware working that way. Ransomware that I’ve encountered has always encrypted only the primary hard drive of the system and sometimes not even all of that. Sometimes they simply encrypt data files or program files or just enough to allow the system to keep running but actually hide your valuable data from you.

So, in short, I don’t really think it’s that big of an issue.

Ransomware is a virus

Now, you called out “ransomware” specifically but I think that this isn’t a problem that is unique to ransomware in any way, shape or form. Ransomware is just malware. It’s just another form of virus. It’s just another form of malware.

What that implies is… can malware do bad things to any of the other drives that are attached to your system?

And the answer there is, yes.

In fact, various forms of malware do exactly that. They infect not only your machine but they infect any additionally attached drives in order to propagate.

We hear this all the time from people who have USB drives that pick up malware on a machine that they are connected to – simply because they were connected at the time a malware infection happened. Then that external drive is taken to another machine and, through whatever appropriate steps, the malware is then infecting the second machine because the external drive that carried the infection was connected to it.

Protect yourself from malware

So, how do you protect yourself from all of this?

Well, you protect yourself from all malware (be it ransomware, or malware, or anything) the way you protect yourself in general:

  • Run anti-malware software;

  • Keep it up to date;

  • Get behind a firewall;

  • Behave well on the internet – don’t download things you shouldn’t download; don’t open files you shouldn’t open, don’t open attachments you shouldn’t open.

It’s what we now consider to be standard common sense.

Be safe online

If you follow the basics of common sense for keeping your machine safe on the internet then you’re keeping it safe not just from ransomware but from all malware that you might encounter along the way.

So, that’s my advice.

Yes, if you want to disconnect your hard drive – absolutely you can. And… disconnect your machine from the internet while you’re not using it; while you’ve got the hard drive connected – just to make sure that there’s no way it can leap frog.

But in general I think that step is unnecessary – as long as you’re practicing good internet connectivity hygiene. As long as you’re doing the all of the right things to keep your machine safe in general.

(Transcript lightly edited for readability.)

Next from Answercast 89- How do I block floating ads on webpages?

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “Can ransomware impact my backups on an external drive?”

  1. I read a news story recently where a small bank/credit union (I think) was hit with some ransomware and even their backups were affected because they were connected at the time of the infection.

    Reply
  2. Ransom ware often attacks small business because it is the most profitable.

    The data ransom first hit four Queensland medical centres a few weeks ago.

    The centres do not want to be identified, but police say their data was locked up and encrypted by criminals possibly operating out of eastern Europe.

    A ransom of $3,000 was then demanded, increasing by $1,000 a day until paid.

    see news from our national broadcaster ABC
    http://www.abc.net.au/news/2012-10-25/ransomware-targeting-aussie-businesses2c-pcs/4332526

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.