Helping people with computers... one answer at a time.

Ransomware infecting an external drive is a danger if your computer itself is in danger of a malware infection.

I've read that an external hard drive used for backups should not be left connected to a PC as ransomware can encrypt what is on that as well as what is on the computer. That would seem to be a problem with incremental backups. Can ransomware do this? Does it apply to a full system backup as well as data files? If so, is the only fall back position to disconnect the external hard drive when working and to reconnect it but disconnect it from the internet each night?

In this excerpt from Answercast #89, I look at the possibility that ransomware can infect other drives connected to your computer and hold you at ransom.

Ransomware infecting external drives

So, there's a lot of concern here - I get that. But, it's not something I worry about on a daily basis for a couple of different reasons.

So let me answer the question that you asked.

Can ransomware infect external drives?

Can ransomware do this? In other words, can ransomware actually encrypt not only your main machine but your external hard drive at the same time so that you cannot access the information until you pay the ransom for the decryption key.

Can it? Absolutely, yes.

Does it? I've actually never heard of ransomware working that way. Ransomware that I've encountered has always encrypted only the primary hard drive of the system and sometimes not even all of that. Sometimes they simply encrypt data files or program files or just enough to allow the system to keep running but actually hide your valuable data from you.

So, in short, I don't really think it's that big of an issue.

Ransomware is a virus

Now, you called out "ransomware" specifically but I think that this isn't a problem that is unique to ransomware in any way, shape or form. Ransomware is just malware. It's just another form of virus. It's just another form of malware.

What that implies is... can malware do bad things to any of the other drives that are attached to your system?

And the answer there is, yes.

In fact, various forms of malware do exactly that. They infect not only your machine but they infect any additionally attached drives in order to propagate.

We hear this all the time from people who have USB drives that pick up malware on a machine that they are connected to - simply because they were connected at the time a malware infection happened. Then that external drive is taken to another machine and, through whatever appropriate steps, the malware is then infecting the second machine because the external drive that carried the infection was connected to it.

Protect yourself from malware

So, how do you protect yourself from all of this?

Well, you protect yourself from all malware (be it ransomware, or malware, or anything) the way you protect yourself in general:

  • Run anti-malware software;

  • Keep it up to date;

  • Get behind a firewall;

  • Behave well on the internet - don't download things you shouldn't download; don't open files you shouldn't open, don't open attachments you shouldn't open.

It's what we now consider to be standard common sense.

Be safe online

If you follow the basics of common sense for keeping your machine safe on the internet then you're keeping it safe not just from ransomware but from all malware that you might encounter along the way.

So, that's my advice.

Yes, if you want to disconnect your hard drive - absolutely you can. And... disconnect your machine from the internet while you're not using it; while you've got the hard drive connected - just to make sure that there's no way it can leap frog.

But in general I think that step is unnecessary - as long as you're practicing good internet connectivity hygiene. As long as you're doing the all of the right things to keep your machine safe in general.

(Transcript lightly edited for readability.)

Next from Answercast 89- How do I block floating ads on webpages?

Article C6261 - January 21, 2013 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?


January 22, 2013 10:31 AM

I read a news story recently where a small bank/credit union (I think) was hit with some ransomware and even their backups were affected because they were connected at the time of the infection.

January 22, 2013 2:29 PM

Ransom ware often attacks small business because it is the most profitable.

The data ransom first hit four Queensland medical centres a few weeks ago.

The centres do not want to be identified, but police say their data was locked up and encrypted by criminals possibly operating out of eastern Europe.

A ransom of $3,000 was then demanded, increasing by $1,000 a day until paid.

see news from our national broadcaster ABC

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.