Will this Setup Protect My Data Files from Malware (e.g. Ransomware)?

I set up an external drive for data backup (an SD card inside my laptop card slot). In addition, I connect with a cloud drive for offsite backup (an app that I run only when syncing files).

I always sign in and use my laptop as a ‘standard’ user. My external drive is set for UAC ‘read’ privilege only.

I then set my data sync app to run as admin only – meaning I need to type in the admin password before data can be synced to my external drive and to the cloud.

Of course I will remain vigilant about keeping OS and apps updated and avoid clicking email links or downloading unsolicited payloads, etc. — but in case I miss something and ransomware comes through, will my Win 10 system stop that ransomware from encrypting my external drive?

Ransomware aversion and identification techniques

I don’t think there’s a need to go into the background here, but identification of the process may be better explored.

From a developer's POV, at a high level, the files are modified, and by virtue of the attack and attacker, they are modified quickly. This is an I/O operation. If I wrote a service that would monitor the I/O on my machine for a large bump (configurable, process-aware, etc., but that's implementation), could I not easily identify that something weird is going on and shut down I/O ops for that period?

I do understand the implications of having low-level HW control from a service/application, but let's say it's a unicorn.

Is this the fastest response to 0-days which won't be picked up? To write for the HW level? Or are there other factors involved?

I know retail machines, even enterprise desktops, would not fly, but at datacenter level, where backup corruption would be catastrophic, it would surely see some value.

Thoughts welcome.

// EDIT

The initial idea was to write for the firmware level, then maybe the BIOS, maybe even in advanced options of SSDs, for example. I don't mean a service that will sit in the OS; as close as possible to the HW level, hopefully self-contained like a PLC... well, better.
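The "large bump in I/O" heuristic from this post, as an added illustration that is not the poster's code: a per-process sliding-window detector run over constructed file-write events (the event shape, pids, window and threshold are all assumptions standing in for what an OS file-system event source would deliver).

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteEvent:
    ts: float   # seconds since monitoring started
    pid: int
    path: str   # file that was modified


class BurstDetector:
    """Flag a pid once it modifies more than max_files distinct files within window_s seconds."""

    def __init__(self, window_s: float = 2.0, max_files: int = 50):
        self.window_s = window_s
        self.max_files = max_files
        self._recent = defaultdict(deque)  # pid -> deque of (ts, path), oldest first

    def observe(self, ev: WriteEvent) -> bool:
        q = self._recent[ev.pid]
        q.append((ev.ts, ev.path))
        # Evict events that have fallen out of the sliding window.
        while q and ev.ts - q[0][0] > self.window_s:
            q.popleft()
        # Count distinct paths, so a process rewriting one log file is not flagged.
        return len({p for _, p in q}) > self.max_files


def detect_bursts(events, window_s=2.0, max_files=50):
    """Return the set of pids whose write burst exceeded the threshold at any point."""
    det = BurstDetector(window_s, max_files)
    flagged = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if det.observe(ev):
            flagged.add(ev.pid)
    return flagged


def sample_events():
    """Constructed input: a slow backup job (pid 1001) and a process rewriting 200 files in 1 s (pid 4242)."""
    backup = [WriteEvent(i * 0.5, 1001, f"backup/doc{i}.bak") for i in range(40)]
    burst = [WriteEvent(10.0 + i * 0.005, 4242, f"docs/doc{i}.docx") for i in range(200)]
    return backup + burst


if __name__ == "__main__":
    print(detect_bursts(sample_events()))  # {4242}
```

A bare rate threshold also trips on backup jobs, compilers and indexers, so in practice it is paired with a per-process baseline or allowlist and with checks on the content of what was written.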

Just lost the disk and partitions after DirectX update. Is it ransomware?

Everything just went FUBAR.

I just made a DirectX update, which took suspiciously long. Like 15 mins. And still it was stuck at “Initializing”.

I suspected something was wrong, and forced a hard restart of my machine by turning off the power.

Now this is where things get really weird. I have two 1 TB disks connected in GPT mode in Windows 8.1 (patched with latest updates).

When I reboot, I only see my boot disk. My second disk is ENTIRELY GONE.

What happened??

It's not even present in Windows Disk Management.

I refuse to believe that all this can happen just because of a DirectX update. And I think it is too convenient that my disk crashed right after a suspicious update.

My suspicions are that the malware encrypted my disks but failed to do the entire job since I rebooted in the middle of it all.

My question is what do I do now? EaseUS Partition Manager can’t see my second disk.

What do I do?

Why is so much ransomware breakable?

The site: https://www.nomoreransom.org/ offers many decrypter tools for ransomware.

But why?

It shouldn’t be so hard to use the Windows Crypto API (e.g. just google “create AES Key in Windows”) to create AES keys, encrypt them with a locally generated public RSA key, and encrypt the corresponding private RSA key with a public RSA key that the attacker controls. (The method of WannaCry.)

If the victim pays the ransom, they have to send the encrypted private RSA key to the attackers, and hopefully get the decrypted private RSA key back.

Why do these people try to reinvent the wheel and in the process make mistakes that allow the development of decrypter tools?