I guess the answer is mostly yes, and maybe no. I am not an expert but it is my understanding that ransomware looks for attached storage and does so through the simple expedient of looking for mapped drives. If you removed the drive letter it would be hidden in most cases. However, it is possible (but I have no idea if anyone has implemented this) for ransomware to seek for drives that are attached but not mapped. After all, the disk management tools in Window$ can see all volumes, whether they are mapped or not, so it is possible that ransomware could be sophisticated enough to look for and map these volumes. I doubt that would normally be worth the progamming effort, but who knows?
When I first saw your question, my immediate reaction was “it is easier and safer to use a USB storage device and disconnect it”. I still consider that is the best response, but removing the drive letter is likely to provide a substantial (if not bullet-proof) additional layer of comfort. You do, however, have to rely of the effectiveness of Window$ OS and the drive mapping alogrithms. I think this may add some risk.
- You must login to post comments
Please login first to submit.