After re-reading your question, are you meaning to make a defence by manually removing the drive letter (e.g. C and D drive) from Disk Management, then manually adding drive letters when you want to access data? That might theoretically work, but would break any legitimate software (kill C and Windows might not boot even), and it would be a usability nightmare. Might as well do full drive encryption or something if you were already going to that extreme.
Yes. Your first reply was not what I asked about. I merely mentioned that I saw that Locky encrypts "unmapped network shares". As I don't use networks, I don't really know what that means, but the word "unmapped" gave me the idea to ask about what happens with unmapped partitions.
are you meaning to make a defence by manually removing the drive letter (e.g. C and D drive) from Disk Management, then manually adding drive letters when you want to access data?
Well, regardless of what I do, first and foremost I want to familiarize myself with all aspects of what a ransomware can and cannot do, because, as I've realized myself, user ignorance is actually the biggest threat to one's computer. I think you would agree.
And the answer to your question is yes. What I mean is removing manually the Drive Letter of a partition from Disk Management (or from any other partition management software). I wanted to know what happens in that case and whether a ransomware can still do its thing on the data from that respective partition.
As for the rest of your reply, yes, I know that removing the letter of a partition would make any software stored on that partition inoperable and, therefore, it is unpractical for partitions one uses on a regular basis.
But (if it truly shuts down ransomware's access to that partition) it is a viable solution in case one uses that partition for archiving purposes only, for files which he no longer needs on a regular basis. For instance, if one has a 500 GB HDD (or whatever) and he needs to archive 50 GB of data (let's say a digital library of documents or whatever). In that case, one can create a 100 GB partition, copy the 50 GB of data on that partition and then remove its letter. If there is no other software on that partition and the respective person needs to access that archive only once per month and therefore has to manually add the letter again that seldom, then there isn't any inconvenience.
Edited by DukeBob, 18 March 2016 - 01:58 PM.