Malware and backup images
To begin with, and perhaps the most important point, malware doesn’t understand the file formats being used by your backup program. That means that it has no way to infect or insert itself into a backup image.
The backup images (the files that contain your backup) are usually unaffected by malware – completely.
Now, the drive could certainly be infected; that’s not that uncommon. Like any removable USB drive, it could be infected in such a way that if you were to take it to another machine, AutoRun would kick in and infect that other machine. That is independent of the backups stored on your drive. The backups are basically ignored. The virus files are just additional files placed on the hard drive without touching your backup images.
Now, a complete disk could be encrypted; all of the files could be encrypted or erased for that matter. It’s just not that common.
Current ransomware (the software that encrypts files on your machine and holds them for ransom) actually focuses only on certain file types. There are many different file types that it looks for, like .docx, .jpg, .pst and many more, but certainly not all of them.
In part, that’s so that they don’t encrypt something that’s required to keep Windows running. They need Windows to keep running, so that they can post up their window that has the ransom demand and enables you to contact their payment provider so that you can pay (which you should never, ever do – for the record).
Backup images are not on the list. Backup images like “.tib”, “.mrimg” and others are, for now, left alone. I suspect that’s mostly because they would take a long time to encrypt. Backup images are usually pretty big and they’re not the low-hanging fruit that the malware authors are going for. More quickly and easily encrypted are things like your email files, pictures and the documents you’re currently working on or use daily – on your C: drive.
I’m not saying that an external backup drive can’t be harmed by malware. They absolutely can, as can drives connected via network shares on other machines. It’s just not that typical. If you like, keep copies of backups offline somewhere, but honestly in a world of things to worry about, this part just doesn’t rank all that high for me.
I’d rather have you focus on keeping your entire machine safe to begin with. Leave the drive connected so your backups happen on schedule. My concern is that by periodically disconnecting the drive, you’re actually relying on your memory to connect it again so that you can get your backups. My personal experience has shown that can be very, very risky.
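The point made earlier, that malware tends to add files beside the backup images rather than alter them, can be checked on your own drive. This is an added example, not from the original article: Python that records a SHA-256 baseline of the `.tib` and `.mrimg` images on a backup drive and later reports changed or missing images, any `autorun.inf`, and other extra files. The function names and the temp-folder sample are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

IMAGE_EXTS = {".tib", ".mrimg"}  # backup image extensions named in the article

def sha256_file(path, chunk=1 << 20):
    """Hash in 1 MiB chunks so a large image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def walk_files(root):
    """Yield (relative_path, full_path) for every file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def snapshot(root):
    """Baseline: relative path -> SHA-256 for each backup image on the drive."""
    return {rel: sha256_file(full) for rel, full in walk_files(root)
            if os.path.splitext(rel)[1].lower() in IMAGE_EXTS}

def audit(root, baseline):
    """Compare the drive with a baseline taken while it was known to be clean."""
    current = snapshot(root)
    found = {"autorun": [], "extra": [],
             "missing": [r for r in baseline if r not in current],
             "changed": [r for r in baseline if r in current and current[r] != baseline[r]]}
    for rel, _full in walk_files(root):
        if os.path.basename(rel).lower() == "autorun.inf":
            found["autorun"].append(rel)
        elif rel not in current:
            found["extra"].append(rel)  # not a backup image: worth a look
    return {key: sorted(paths) for key, paths in found.items()}

def demo():
    """Constructed sample: a temp folder stands in for the backup drive."""
    with tempfile.TemporaryDirectory() as drive:
        with open(os.path.join(drive, "full.mrimg"), "wb") as f:
            f.write(b"constructed image bytes")
        baseline = snapshot(drive)
        for name in ("autorun.inf", "dropped.exe"):  # added after the baseline
            with open(os.path.join(drive, name), "wb") as f:
                f.write(b"constructed")
        return audit(drive, baseline)
```

Take the baseline with `snapshot()` while the drive is known to be clean and keep it somewhere other than the backup drive; hashing large images takes a while, so run the audit when the drive is idle.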