I’ve read that an external hard drive used for backups should not be left
connected to a PC as ransomware can encrypt what is on that as well as what is
on the computer. That would seem to be a problem with incremental backups. Can
ransomware do this? Does it apply to a full system backup as well as data
files? If so, is the only fall back position to disconnect the external hard
drive when working and to reconnect it but disconnect it from the internet each
In this excerpt from
Answercast #89, I look at the possibility that ransomware can infect other
drives connected to your computer and hold you at ransom.
Ransomware infecting external drives
So, there’s a lot of concern here – I get that. But, it’s not something I worry about on a daily basis for a couple of different reasons.
So let me answer the question that you asked.
Can ransomware infect external drives?
Can ransomware do this? In other words, can ransomware actually encrypt not only your main machine but your external hard drive at the same time so that you cannot access the information until you pay the ransom for the decryption key.
Can it? Absolutely, yes.
Does it? I’ve actually never heard of ransomware working that way. Ransomware that I’ve encountered has always encrypted only the primary hard drive of the system and sometimes not even all of that. Sometimes they simply encrypt data files or program files or just enough to allow the system to keep running but actually hide your valuable data from you.
So, in short, I don’t really think it’s that big of an issue.
Ransomware is a virus
Now, you called out “ransomware” specifically but I think that this isn’t a problem that is unique to ransomware in any way, shape or form. Ransomware is just malware. It’s just another form of virus. It’s just another form of malware.
What that implies is… can malware do bad things to any of the other drives that are attached to your system?
And the answer there is, yes.
In fact, various forms of malware do exactly that. They infect not only your machine but they infect any additionally attached drives in order to propagate.
We hear this all the time from people who have USB drives that pick up malware on a machine that they are connected to – simply because they were connected at the time a malware infection happened. Then that external drive is taken to another machine and, through whatever appropriate steps, the malware is then infecting the second machine because the external drive that carried the infection was connected to it.
Protect yourself from malware
So, how do you protect yourself from all of this?
Well, you protect yourself from all malware (be it ransomware, or malware, or anything) the way you protect yourself in general:
Run anti-malware software;
Keep it up to date;
Get behind a firewall;
Behave well on the internet – don’t download things you shouldn’t download; don’t open files you shouldn’t open, don’t open attachments you shouldn’t open.
It’s what we now consider to be standard common sense.
Be safe online
If you follow the basics of common sense for keeping your machine safe on the internet then you’re keeping it safe not just from ransomware but from all malware that you might encounter along the way.
So, that’s my advice.
Yes, if you want to disconnect your hard drive – absolutely you can. And… disconnect your machine from the internet while you’re not using it; while you’ve got the hard drive connected – just to make sure that there’s no way it can leap frog.
But in general I think that step is unnecessary – as long as you’re practicing good internet connectivity hygiene. As long as you’re doing the all of the right things to keep your machine safe in general.
(Transcript lightly edited for readability.)
Next from Answercast 89- How do I block floating ads on webpages?
2 comments on “Can ransomware impact my backups on an external drive?”
I read a news story recently where a small bank/credit union (I think) was hit with some ransomware and even their backups were affected because they were connected at the time of the infection.
Ransom ware often attacks small business because it is the most profitable.
The data ransom first hit four Queensland medical centres a few weeks ago.
The centres do not want to be identified, but police say their data was locked up and encrypted by criminals possibly operating out of eastern Europe.
A ransom of $3,000 was then demanded, increasing by $1,000 a day until paid.
see news from our national broadcaster ABC