“properly power off the disk”, for an internal disk, isn’t really a thing. I don’t think that the OS, any OS, expects to regularly have disks totally lose power. Sure, hotswapping is a thing, but that’s still weird to do on a regular basis.

Having it “cold” to avoid malware and power surges is a fair idea, though. You’d still be concerned about the data lines getting a surge but that’s not as likely.

As a somewhat-less-cursed idea, how about an SBC like a raspberry pi on a smartplug inside your case? It can safely unmount the drive before asking the plug to turn itself off. Then there’s two devices that need to get crypto-lockered before you lose your data.

If you’re strictly just trying to keep the power down, configuring idle spindown for just that drive might accomplish the same thing.

There are only four billion IPv4 addresses. A modest botnet containing only 1000 nodes, each scanning one IP a second, can scan the entire space every month and a half.

This is typical. I ran a betting pool (in minecraft) with my friends on which country the latest unauthorized connection attempt was from. Prior to 2022 the safe money was Russia.

It would appear that your router is already proactively denying requests from known-bad connections. That’s good, but not sufficient.

If you expose SSH, use a public key or a strong (>128 bit strength) random password. Keep all port-forwarded software up to date to limit vulnerabilities. Use containers or virtual machines to limit the impact of a vulnerability.