Advice Request Protect a NAS from Ransomware?

Please provide comments and solutions that are helpful to the author of this topic.

Ink

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Theoretical question: How to protect the Network Attached Storage (NAS) on your Home Network from a Ransomware attack, after one system is compromised?

Am I safe?

Pre-cautions to be taken?

Solutions / Remedies?

Are NAS configured to deflect attacks?
 
  • Like
Reactions: Gandalf_The_Grey, [correlate], bayasdev and 4 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
This is not a theoretical question -- many types of ransomware will go onto network mounts, network shares, and network drives and ransom those locations too. macOS ransomware has been known to disable/delete Time Machine backups as well.

There are a few things you can do:

  1. Some NAS systems like FreeNAS have the ability to take periodic rolling snapshots. Snapshots allow you to revert and restore files that have been modified and require logging in via SSH to gain access to manipulate the snapshots themselves, so simply deleting files via SMB will not delete your contents. I have mine configured to take hourly snapshots that last 1 week (for mistakes I quickly catch), then weekly snapshots that last 6 months (in case ransomware slowly destroys my data before I can realize it)
  2. Configure write-only dropboxes or other privileged areas that the normal login cannot access. Periodically move your backups onto there.
  3. Never let a password manager auto-save the administrative credentials for either the privileged user via SMB or the web admin console username/password, to prevent ransomware from being able to extract it.

Finally, don't forget that a NAS isn't an end-all solution to your backup/storage needs. Your NAS could catch on fire, or suffer too many disk failures to recover via RAID. Or it could have some horrible horrible bug that eats all your data. If you cannot afford to lose the data on your NAS, you must have some sort of backup strategy for it too, which also in turn could be part of your ransomware defense strategy.
 
  • Like
  • +Reputation
Reactions: Nevi, harlan4096, Handsome Recluse and 6 others
F

ForgottenSeer 85179

Every user who has write access to the NAS can modify files which malware does.

To minimize the risk, create user accounts and restrict the access to folder for every user in NAS management. So if PC 1 get infected and had user credentials for NAS-user 1 only files from NAS-user 1 get infected.
With backups and ransomware protection on NAS side you're good then.

Also don't let your NAS open to unneeded stuff like SSH or at least only allow keyfile login.
And one important thing: disable all online services on NAS except automatic updates.
Cloud is a big attack surface for a NAS.
 
  • Like
Reactions: Protomartyr, [correlate], Gandalf_The_Grey and 4 others

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
Security News Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
Replies
1
Views
1,566
Security News
CyberTech
CyberTech
Practical Response
    • Like
    • +Reputation
    • Hundred Points
Serious Discussion Security configuration Gurus
Replies
38
Views
1,633
General Security Discussions
Practical Response
Practical Response
upnorth
    • +Reputation
    • Like
RTM Locker Ransomware variant targeting Linux, NAS & ESXi
Replies
0
Views
1,173
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top