Ehbit ninja's blog

Our IT ninja's blog about their professional experiences with IT technologies

Protect your nas for ransomware

Protect your nas for ransomware

There have recently been several reportings for encryption-based ransomware attacks encrypting all files on a NAS. The cause turned out to be related to a large-scale attack targeting NAS devices of various vendors. How can you protect yourself from these kind of attacks?

First of all, be very cautious of what you click or open and be sure that all users in your company are well informed of possible threats. Most infections are still caused by users opening infected files, websites or applications. Here are some very basic rules of thumb to follow:

  • Use reputable antivirus software and a firewall
  • Make sure that all systems and software are up-to-date with relevant patches
  • Do not provide personal information when answering an email, unsolicited phone call, text message or instant message
  • Open email attachments with caution
  • Verify email senders
  • Back up all your files, and keep backups separately

I will not go into details for these general rules of thumb, as we try to focus more specific on the recent attacks that targeted NAS devices in particular. Please let us know when you are interested in a more detailed post on how to protect yourself for attacks in general.

The more specific topic we would like to focus on here, are the attacks that targetted various vendors of NAS devices. These attacks turned out to be using brute-force attempts at logins on the NAS devices instead of specific system vulnerabilities. In this regard we advice to always apply some preventive measurements when setting up you NAS device.

When configuring your NAS, please be sure that you

  • At least change the default password to a very strong password containing lower-, uppercase, symbols and numbers
    • Preferably even create a new administrator account and disable the default admin user
  • Always use complex passwords, and apply password strength rules to all users
  • Enable the firewall on your NAS device
  • As an extra layer of security you can even enable the 2-step verification to the account
  • Keep your NAS software and firmware up to date

And don’t forget, always be sure that all your data is backed up. There are ton of possibilities for automating backups to the NAS, but also from the data on the NAS.

When in doubt, contact us for determining the best solution for you.