2

Can ransomware affect an external hard disk on Windows that has been ejected using "Safely remove" feature while keeping the drive plugged into my PC?

  • Do you eventually mean to say that the disk has been successfully ejected but is still physically connected to the USB port? If so, I believe there are programmatic ways to reinitialize the USB hub and make the USB storage device reconnect itself to the OS without the need to physically remove and reinsert the same.
    – rajeev
    Commented May 3, 2020 at 11:58
  • @rajeev to my understanding, that is not possible. If so, please let me know how...
    – LPChip
    Commented May 3, 2020 at 12:12
  • @LPChip - There's a Windows app called Zentimo (zentimo.com) that does exactly that. How it does it may be proprietary; however, it can programmatically reinitialize the ejected device. If required, it can even reinitialize the underlying USB hub to get back the device that is ejected but still plugged in. You may try the 30-day eval version and explore it further. Since a software can do it, it should be possible by ways of a software program. Disclaimer - I am not affiliated with Zentimo in any way. I just tried it out for some of my needs.
    – rajeev
    Commented May 3, 2020 at 12:22
  • @rajeev but I bet you need administrative privileges to do that. I mean you are interacting with hardware, and malware/ransomware does not have administrative privileges. So I think we're safe here. I'm only not sure what happens if you reboot a PC. I think the attached drive is initialized upon boot.
    – LPChip
    Commented May 3, 2020 at 12:34
  • I think you should edit your question to avoid the very obvious confusion. Physically connected drives can be compromised by ransomware.
    – anon
    Commented May 3, 2020 at 13:50

1 Answer

3

Your external hard drive has been ejected by the Safely remove feature in Windows; however, it is still physically connected to the computer, and any program that has administrative access can remount it like in these examples, including malicious software. Air gapping the external hard drive is a stronger way of preventing malware from accessing it.
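Added example, not part of the answer above: a PowerShell audit that lists USB disks that are still mounted and devices that were ejected with "Safely remove" but are still plugged in, so you can confirm a backup drive is really air-gapped. It assumes an ejected but connected device reports Device Manager problem code 47 (CM_PROB_HELD_FOR_EJECT) through `Win32_PnPEntity`; the output column names are made up for this example.

```powershell
# Added example: audit for USB storage that software on this PC can still reach.
# Assumption: a safely removed but still plugged-in device reports Device Manager
# problem code 47 (CM_PROB_HELD_FOR_EJECT) through Win32_PnPEntity.
$HeldForEject = 47

# 1) USB disks that are mounted right now: writable by any process that has
#    access to the volume.
$mounted = Get-Disk | Where-Object { $_.BusType -eq 'USB' } | ForEach-Object {
    $disk = $_
    $letters = Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
        Where-Object { $_.DriveLetter -match '[A-Z]' } |
        ForEach-Object { "$($_.DriveLetter):" }
    [pscustomobject]@{
        State  = 'Mounted'
        Device = $disk.FriendlyName
        Detail = "Disk $($disk.Number) $($letters -join ',')"
    }
}

# 2) Devices ejected with "Safely remove" but still physically attached.
#    The PnP device ID is shown so the drive can be told apart from other hardware.
$ejected = Get-CimInstance -ClassName Win32_PnPEntity `
        -Filter "ConfigManagerErrorCode = $HeldForEject" |
    ForEach-Object {
        [pscustomobject]@{
            State  = 'Ejected, still plugged in'
            Device = $_.Name
            Detail = $_.PNPDeviceID
        }
    }

# @() turns an empty result into an empty array so the two lists can be joined.
$findings = @($mounted) + @($ejected)
if ($findings.Count -eq 0) {
    Write-Output 'No mounted USB disks and no ejected-but-connected devices found.'
} else {
    $findings | Format-Table -AutoSize
    Write-Warning 'Unplug the devices listed above to air-gap them.'
}
```

Run it from a normal PowerShell prompt after ejecting the drive; an empty result after unplugging is the state the answer calls air-gapped.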
