Maybe a dumb question, but I assume it will: does it search for the mask system wide?
A lot of people will backup (ie: just make a copy) to a permanently attached USB drive or network drive. Be it via a network path or a windows mapped drive letter or IP/dirname etc.
Are those in danger as well?
Also, what does it do to the location on disk where the files were stored? As I understand it, it picks them up, encrypts them, puts them in an encrypted blob and it puts that blob on a new location on the drive. If the originals are gone, it must have deleted them. What does it do to that drivespace? Does it scrub it? If not, will recovery software work on the "deleted" files?
I could go and get myself infected and check it out, but I am to big of a n00b to try and do that. Better leave that to the guys that have the knowledge and time for it. I might get myself in trouble more than I can handle right now...