I understand that in order to encrypt terabytes of data, a ransomware must work hard for hours on HDD and perhaps for under an hour on SSD.
So it has to leave obvious signs of doing so.. right?
Would a ransomware be visible in Windows Resource Monitor on Disk usage tab? Are all of them behaving similar in this regard or not?
EDIT: This is nothing as the proposed "duplicates". This question specifically is asking - if a particular type of malware expected to use disk in a way that can be detected in Resource Monitor Disk tab.. Under whatever name or disguised under whatever.. OR it uses some tricky access to disks that cannot be seen by Windows..
