does ransomware lie in wait, or would it be apparent if it's already infected my computer? Scanning my laptop has turned up nothing, but that no longer seems to mean much. I'll submit the files, but I'm terrified of attaching the infected USB drive to my computer again. Am I being overly paranoid, or can I attach it safely to my computer so long as I don't open any files?
quietman7 is correct that a lot of ransomware families delete themselves from a system after they have encrypted everything and almost none of them spread malicious files via USB drives. However, a ransomware infected system might have other malware on board that spreads to USB drives. Although it is unlikely, there is still a small possibility that the drive got also infected by your cousin's system.
But do you actually want to decrypt/recover files from that USB drive or are you only concerned about a possible infection? If you aren't interested in file recovery, you may check your system in Virus, Trojan, Spyware, and Malware Removal Logs
. Follow the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
If you are interested in file recovery and want to follow quietman's suggestion to scan the USB drive, take into account that Malwarebytes and other malware scanners might delete the ransom notes from the drive. Identification of the ransomware is harder without those notes.
I personally would only use your cousin's computer to plug in the USB drive and recover those files because that system is already infected and no additional harm will be done inserting the USB drive.
Edited by Struppigel, 16 December 2016 - 04:00 AM.