I was hit by a ransomware indentifying itself as Aurora by creating notepad files in several folders and requesting 100 $ in bitcoin, however this is not the point of this topic, the strange part atleast to me (not really experienced in ransomware) is that I seem to have succeeded in stopping it atleast temporarily (still early).
When I initialy noticed that I triggered some sort of malware I immediately disconected from the internet, ran a Malwarebytes scan deleted about 70 potential threats that it detected and tried a System Restore to a previous date. After restoring, my current situation is that my computer is fully functional, the folders where aurora notepads were created are few and mostly on my system drive, they did encrypt some files but they are completely irrelevent minor programs on the system drive, no documents images or anything of value was encrypted, and after 4 hours the infection does not seem to be spreading.
Now my question is why did this happen, why didnt the ransomware encrypt everything? But most importantly is there risk of it progressing and locking more files?
I dont have much hope in getting rid of this ransomware and I believe I will have to reinstall windows but it would be good if i could save some of my files, for that reason I thought about transfering some important files that are not encrypted to my external hardrive but thinking this as too risky I transfered them to an empty usb, that way if it turns out that the ransomware moved to the usb i dont lose anything and it was a good try.
Should i consider trying to backup as much files as I can to the external hardrive or is there risk of the ransomware spreading on it after I connect it to the computer?