I have an HDD partition that contains a Karaoke song library of 400 GB. Backing it up is cumbersome at best and requires a large external drive and hours of time.
The library is the only thing on the partition, so there is no reason to write to it.
My question is how do I write protect the partition, so that ransomware can't encrypt its data? Can I just use the NTFS permissions to do it?
In theory, no that's not sufficient - there could potentially be examples of ransomware which can modify NTFS permissions, since they would be running on your machine, so potentially have access to anything which can be changed in software.
In practice, I've not so far seen any ransomware which does this (although some do change permissions on system folders and partitions containing restore data), so it might currently be safe. I still wouldn't rely on it though, since it's entirely possible that a new strain of ransomware will come out tomorrow which specifically targets files with write protect flags set!
There is a device known as a "write blocker" which is available and is designed to allow data to be read from a drive whilst preventing data being written back to it. Using one of those with your drive would work as protection, but could be somewhat inconvenient, and they aren't especially cheap. You can also get external drive caddies which offer physical write protection switches, which might be an option if you're wanting to take your data on the move for use on other computers.
