
Because of Ransomware, Want to Take Disks Offline


nkormanik


Greetings all.  Because I've been struck by ransomware before, I'd like to take the non-boot disk drives offline.

I'm seeking a simple program or batch file to rapidly take the other disks (say, Disk 2 and Disk 3) offline.  And, then, following some random execution of a suspect program and being safe, to rapidly put the disks back online.

Any guidance greatly appreciated.

Nicholas Kormanik

Greetings,

You could use the built-in Windows Defender controlled folder access feature, and you should be able to manipulate it through CLI or PowerShell as it can be controlled by the registry as well as Group Policy (assuming you have Windows Pro, as Home lacks the gpedit plugin/component).  Further info can be found in the following Microsoft support articles:

Enable controlled folder access
Protect important folders with controlled folder access
Customize controlled folder access: Protect additional folders

I hope this helps, and if there is anything else we might be of assistance with, please let us know.

Thanks


I bet you could write a script to do it automatically as it should be controllable through command line (for a batch file or similar) or through PowerShell and enable/disable access automatically just by running a script, though I don't personally know the specifics.  You could probably ask over on the Microsoft Technet forums and someone would likely be able to provide either a script ready-made, or at least the syntax/switches etc. available to write your own.


8 minutes ago, nkormanik said:

Going into Computer Management, and manually taking the drives offline is a bit cumbersome -- though I'm sure glad to have that option, too.

eSATA or other Removable Media may be the simple method.
I keep 'em on an External Power switch and turn-on when needed, and then Safely Remove then power down when no longer needed.


You may find this article to be helpful.  It indicates that you don't actually ever need to disable Controlled Folder Access.  Instead, you choose which apps are allowed to make changes to protected folders/drives so that it functions as a full-time protection.  So if you wanted to be super cautious you could prevent all apps from accessing your other drives and only make an exception when you need to change something there.

With that said, if all you want is a script to manipulate it, PowerShell commands are listed within this article.

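The disk toggle asked for in the opening post, together with the Controlled Folder Access switch the replies mention, as an added PowerShell example that is not part of any post in this thread. The script name `Toggle-DataDisks.ps1`, the function name and the parameters are hypothetical; disk numbers 2 and 3 are the ones named in the question, and the cmdlets are the built-in Storage and Defender ones.

```powershell
#Requires -RunAsAdministrator
# Toggle-DataDisks.ps1 (hypothetical name): take data disks offline before running
# something untrusted, and bring them back online afterwards.
param(
    [Parameter(Mandatory)][ValidateSet('Offline', 'Online', 'Status')]
    [string]$Mode,
    [int[]]$DiskNumber = @(2, 3),            # from the question; check against Get-Disk
    [switch]$EnableControlledFolderAccess    # also turn on Defender's folder protection
)

function Set-DataDiskState {
    param([int[]]$Number, [bool]$Offline)
    foreach ($n in $Number) {
        $disk = Get-Disk -Number $n -ErrorAction Stop
        # Never touch the disk Windows boots from or the one holding the system partition.
        if ($disk.IsBoot -or $disk.IsSystem) {
            Write-Warning "Disk $n ($($disk.FriendlyName)) is a boot/system disk; skipped."
            continue
        }
        # Only change state when needed, so repeated runs are harmless.
        if ($disk.IsOffline -ne $Offline) {
            Set-Disk -Number $n -IsOffline $Offline
        }
    }
}

switch ($Mode) {
    'Offline' { Set-DataDiskState -Number $DiskNumber -Offline $true }
    'Online'  { Set-DataDiskState -Number $DiskNumber -Offline $false }
}

if ($EnableControlledFolderAccess) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
    # 0 = disabled, 1 = enabled, 2 = audit mode
    $cfa = (Get-MpPreference).EnableControlledFolderAccess
    Write-Host "Controlled folder access state: $cfa"
}

# Always finish by showing the resulting state so a failed toggle is visible.
Get-Disk | Sort-Object Number |
    Select-Object Number, FriendlyName, IsBoot, IsSystem, IsOffline, OperationalStatus |
    Format-Table -AutoSize
```

Run it from an elevated prompt, for example `.\Toggle-DataDisks.ps1 -Mode Offline` before the test and `.\Toggle-DataDisks.ps1 -Mode Online` afterwards. An offline disk only keeps out programs that lack administrator rights, since any elevated process can bring it back online the same way.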
