Does Ransomware Affect External Hard Drives?

A file-encrypting malware, ransomware is a serious threat. Ransomware is malware that causes encryption of the victim’s files. It is known as ransomware because after the attack; the attacker demands a payment from the victim to restore access to the encrypted files. Thus, the name ransomware.

This article involves deep research about how ransomware affects external hard drives and how it seriously threatens information system security.

Will Ransomware Infect the External Hard Drive?

A general perception about an external hard drive is that it cannot be infected by ransomware. However, this is not true. Even external hard drives are not safe from the infection of ransomware. In fact, ransomware can spread to any drive connected to the computer.

Not just the infected PC’s boot drive, some ransomware can also encrypt data on external drives while they are connected to the PC. Even the backup drive can be rendered useless if left unplugged. At this point, there is no other solution other than paying the ransom.

Whenever an external drive is connected to the computer, the data and information stored are put at risk. The reason is that there is a greater probability that external hard drives will have some infection of the virus.

In cases when the external hard drives have no ransomware, it may spread from the PC to the hard drive. The question is, where do PCs get ransomware?

The answer to this question is pretty simple. Ransomware might spread from instant messaging web apps. Moreover, the most common source of a ransomware attack is downloading attachments from unknown e-mails. These e-mails mostly contain content and attachments that are malicious. Research has indicated that common social engineering techniques are all sources of the spread of ransomware. These include e-mails, chats, and peer-to-peer networking.

Can Malware Infect an External Hard Drive?

Malware is basically malicious software. It is an intrusive software with the design and purpose of damaging and destroying computers. Worms, trojan viruses, spyware, adware, and ransomware are all examples of malware.

External hard drives, like other computer drives, can get malware. External hard drives, whether mechanical or solid-state, are common sources of the spread of malware. Mechanical hard drives include hard disks, pen or thumb, and flash are examples of solid-state hard drives. External hard drives are at an increased risk of malware infection when connected to the PC.

Ransomware usually uses software called Disk Cryptor. This software enables ransomware to encrypt all the data on the target computer’s hard drive. Consequently, causing significant damage to the target computer.

Can Ransomware Infect USB?

Yes, ransomware can infect USB drives. It is said that infected USB drives are small devices with big threats to computers and the data stored. What looks like a simple chip on a stick can be a massive source of data stealing and ransomware when malicious.

This is a valid fact that USB ransomware can be a big threat to the industrial environment. The Honeywell report indicates that a USB drive acts as a vector. One such example is the famous Stuxnet attack on the Natanz Uranium enrichment Plant in 2009 in Iran.

In the Stuxnet attack of 2009, a worker inserted an infected USB drive into the plant’s control system. An undercover Israeli agent smuggled the USB drive causing a delay in the Iranian Nuclear Program.

It is thus better to scan the USB drive after inserting it into the system for viruses and ransomware to prevent system and information damage.

Does Ransomware Affect Backup Drives?

Always the probability of infection of backup data through ransomware exists. However, it is one of the best security measures to keep backup files. Yet sometimes, it also gets damaged through ransomware along with other data that is under protection.

It is, however, interesting to discover how ransomware infects backup files. Back files have built-in software that uses an API. These published APIs automatically delete older data that is of no use. Ransomware uses these APIs to infect and delete backup files.

Thus after an attack of the ransomware during detonation, the user finds out that all the backup data has been deleted too. This data also includes snapshots and any replicas.

Does Ransomware Affect All Drives?

It often comes into question if ransomware affects all drives. However, the answer is yes, unfortunately. Ransomware infects and affects all files and drives it identifies and sees on a computer. These files include hard drives, USBs, mounted network folders, network attached storage, and even dropbox folders.

A preventive measure is never to leave the hard drives permanently plugged into the PC. The reason is that ransomware can encrypt data on all devices that are connected to the computer. The boot drive is not the sole victim of ransomware.

Does Ransomware Encrypt the Entire Drive?

It usually depends on how the makers have designed the ransomware. Yet the possibility is that ransomware can encrypt the entire drive of the computer. It can also do secondary encryption.

Secondary encryption allows ransomware to encrypt files already available in the encrypted form. It takes approximately four hours for ransomware to encrypt and attack all the files on the computer. However, in case of a fast infection, it might take just forty-five minutes for the whole process.

Does Encrypting your Hard Drive Prevent Ransomware?

Encrypting the hard drive does not really prevent ransomware. However, the only benefit it has for the computer is that it prevents the attackers from reading the information that, too, if the hard drive was off during the attack.

A single remedy cannot be used to protect data and computers against ransomware. However, the safest and most reliable remedy at the moment is data encryption. Any comprehensive data protection strategy involves encrypting the data.

For this purpose, data encryption and software exist. Data encryption software help protect the data against malicious activities such as ransomware. This software provides security and protection to sensitive data by encrypting and controlling access.

 Does Ransomware Get Spread By USB Devices?

USB devices are the most common source of the spread of ransomware among networks and computers. Researchers at G data security have identified a new ransomware family. This ransomware family spreads using USB drives.

Ransomware spread through USB devices is a serious risk. A new ransomware that spreads through USB devices is Spora ransomware. The Spora strain is extremely sophisticated. The researchers have found that the infection caused by Spora ransomware is more innovative.

Because of ransomware strains like Spora, anybody bringing a USB device to the workplace is seen as a possible ransomware threat. Simple navigation through folders or a double click can activate the infection.

How to Protect Your Backups from Ransomware?

In view of the rising surge of ransomware attacks, it is almost impossible to protect backup files. The payout claims by attackers are increasing with the increase in attacks. However, the risk of ransomware can be decreased by using a number of defensive procedures and policies.

Organizations have formulated data security policies to protect data from ransomware attacks. Also, specific data protection strategies and software are installed to protect against ransomware attacks.

Every thirty-six seconds, a cyber-attack occurs. Thus, it is equally important to formulate a strategy to recover from the ransomware attack. One such remedy is off-site or cloud backup security.

The following five strategies can also be used to protect backup from ransomware attacks:

  • Daily backups:

It is essential to do a full backup daily or more frequently. The backup cycles should be shorter. A frequent full backup is necessary for quick recovery from a ransomware attack.

  • Effective Monitoring:

It is better to continuously and closely monitor any device connected to the computer. This increases the probability of identifying any malicious activity before it spreads to the whole network.

  • Implementation of Best Backup Practices:

The best practice to protect backup from a ransomware attack is to keep an off-site copy of the whole backup stored. Ideally, there should be three copies, including the one that is kept off-site. Most companies choose cloud storage to keep an off-site copy of the backup.

  • Providing Adequate Training to People:

Formulating and implementing a strict security policy among the people is better. The organization should be trained not to open unrecognized e-mails or download unnecessary attachments. There should be continuous updating of the security policies. Employees should also be given refresher notifications to keep them aware and alarmed.

  • Employ Cyber Security Expertise:

Depending on the network requirements and infrastructure of the organization, it should seek help from cyber security experts. At least the organization should have a good firewall and virus protection. For further recommendations, advice from cyber security vendors should be considered.

Does Ransomware Affect External Hard Drives?

If the external hard drive remains attached to the PC for a longer period, then the probability of ransomware infection increases. The ransomware from an external hard drive might spread into the whole computer and encrypt all the data that comes in this way.

Therefore, before the ransomware spreads and makes the hard drive useless, it is better to unplug the external hard drive from the computer.


Ransomware is a severe potential threat to information systems and network infrastructure. Either through USB drives, other external and internal drives, or even a WIFI, it can encrypt all the sensitive information present in a computer. Organizations should thus take necessary steps to prevent the spread of ransomware or to recover from it once it happens.

Recommended Reading