Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


ransomeware on external hard drive. Best way to copy and store files?

  • This topic is locked This topic is locked
3 replies to this topic

#1 empod


  • Members
  • 5 posts
  • Local time:12:26 PM

Posted 02 November 2016 - 10:41 AM

Ok I got hit with the ransomware extension .sh*t.


I have done a clean install of the O/S HD, but the files on the external HD I want to remove and store on another HD in the hope someone find a a way to crack the code.


Is the HD  infected in anyway apart from all the files being password protected. In other words  can I safely open the HD and copy the files to another drive, without reinfecting my clean O/S HD?

Edited by empod, 02 November 2016 - 10:48 AM.

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,581 posts
  • Gender:Male
  • Location:USA
  • Local time:06:26 AM

Posted 02 November 2016 - 10:45 AM

I assume you are talking about Locky based on the word being filtered.


Yes, the files themselves are safe. You can always scan it with something like MalwareBytes to be sure, but the malware itself does not attach to the files. It typically deletes itself from your system when finished anyways, so most likely the system is clean of it as well. The only harm would be if there are malicious executable files (.exe, .bat, .scr, etc.) that are mixed in the data - if so, they are only a threat if double-clicked on. If you are just backing up all of the data with the .sh*t extension, then they are safe.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 empod

  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:26 PM

Posted 02 November 2016 - 10:48 AM

Thanks for the confirmation..



#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,954 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:26 AM

Posted 02 November 2016 - 12:32 PM

Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, they do not always work correctly so keeping a backup of the original encrypted files and related information is a good practice.

BTW...there is an ongoing discussion in this topic where you can ask questions and seek further assistance if needed.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users