Ransomware: mount/enable destination USB Disk as Pre-command and unmount/disable as Post-command?
With ransomware getting more sophisticated and (reportedly) even starting to attack backups on connected USB drives, it has been recommended (Windows Secrets newsletter, March 7, 2016) that users should "keep your backups offline most of the time". Ideally, one should unplug a USB backup HDD when a backup has been completed, then plug back in just before the next backup.
I run six backups overnight (three backups duplicated to two separate external HDDs). It is not practical for me to remember to disconnect the HDDs in the morning and reconnect them the following evening. Even if they were only connected overnight, that is still a fairly sizable window for ransomware to be able to get at them.
So my question is: can we make use of the Pre- and Post-commands in some way to "mount" an external HDD immediately prior to a backup, then "unmount" (or "dismount"?) it when the backup completes?
The only thing I have found so far in my research that comes remotely close is the Windows DEVCON set of commands. This is part of the Windows Driver Kit (WDK) which has to be downloaded. Looking at the commands available, it appears that the "DISABLE" and "ENABLE" commands might do the job, although it is suggested that one of these may require a reboot when used - depending on the circumstances. In any case, it seems (so far) that DEVCON may be a bit beyond my capabilities and perhaps a bit overkill (if suitable here at all).
I am not even sure whether "unmounting" a USB drive in this way would be effective against ransomware. But assuming that it might work, has anyone looked at this and been able to get a working Pre-/Post-command script running?
Any advice appreciated. Thanks in advance,
Windows 7 Pro 64 SP1
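
One way to script the mount/dismount idea asked about above, as an added example that is not part of the original post: it uses the built-in mountvol command rather than DEVCON, and works with PowerShell 2.0 as shipped with Windows 7. The script name usb-volume.ps1, the volume GUID and the drive letter are placeholders, and it is an assumption that the backup program runs its Pre-/Post-commands with administrator rights and treats a non-zero exit code as failure. Dismounting this way hides the volume from software that walks drive letters; code running with administrator rights can re-mount it the same way.

```powershell
# Added example (not from the original post). Run from an elevated account.
# Pre-command:  powershell -ExecutionPolicy Bypass -File usb-volume.ps1 -Action Mount
# Post-command: powershell -ExecutionPolicy Bypass -File usb-volume.ps1 -Action Dismount
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [ValidateSet('Mount', 'Dismount')]
    [string]$Action
)

# Placeholders: take the real values from the output of `mountvol` with the drive attached.
$VolumeName  = '\\?\Volume{00000000-0000-0000-0000-000000000000}\'
$DriveLetter = 'X:'
$mountvol    = Join-Path $env:SystemRoot 'System32\mountvol.exe'

function Test-VolumePresent {
    # `mountvol` with no arguments lists every volume name Windows currently knows.
    $listing = & $mountvol
    return [bool]($listing | Select-String -SimpleMatch -Pattern $VolumeName)
}

function Test-Mounted {
    # `mountvol X: /L` prints the volume name behind X:, or an error text if there is none.
    $current = & $mountvol $DriveLetter /L 2>$null
    return (($current -join '').Trim() -eq $VolumeName)
}

switch ($Action) {
    'Mount' {
        if (-not (Test-VolumePresent)) {
            Write-Warning 'Backup volume is not attached; nothing to mount.'
            exit 2
        }
        if (-not (Test-Mounted)) { & $mountvol $DriveLetter $VolumeName }
        if (-not (Test-Mounted)) {
            Write-Warning "Could not mount $VolumeName on $DriveLetter."
            exit 3
        }
    }
    'Dismount' {
        # Only dismount when the letter really points at the backup volume.
        if (Test-Mounted) {
            & $mountvol $DriveLetter /P
            if ($LASTEXITCODE -ne 0) { exit 4 }
        }
    }
}
exit 0
```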