Advice Request Protect a NAS from Ransomware?


Ink

Administrator
Thread author
Verified
Jan 8, 2011
Theoretical question: How to protect the Network Attached Storage (NAS) on your Home Network from a Ransomware attack, after one system is compromised?

Am I safe?

Precautions to be taken?

Solutions / Remedies?

Are NAS configured to deflect attacks?
 
This is not a theoretical question -- many types of ransomware will go onto network mounts, network shares, and network drives and ransom those locations too. macOS ransomware has been known to disable/delete Time Machine backups as well.

There are a few things you can do:

  1. Some NAS systems like FreeNAS have the ability to take periodic rolling snapshots. Snapshots allow you to revert and restore files that have been modified and require logging in via SSH to gain access to manipulate the snapshots themselves, so simply deleting files via SMB will not delete your contents. I have mine configured to take hourly snapshots that last 1 week (for mistakes I quickly catch), then weekly snapshots that last 6 months (in case ransomware slowly destroys my data before I can realize it).
  2. Configure write-only dropboxes or other privileged areas that the normal login cannot access. Periodically move your backups onto there.
  3. Never let a password manager auto-save the administrative credentials for either the privileged user via SMB or the web admin console username/password, to prevent ransomware from being able to extract it.

Finally, don't forget that a NAS isn't an end-all solution to your backup/storage needs. Your NAS could catch on fire, or suffer too many disk failures to recover via RAID. Or it could have some horrible horrible bug that eats all your data. If you cannot afford to lose the data on your NAS, you must have some sort of backup strategy for it too, which also in turn could be part of your ransomware defense strategy.
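An added example, not part of the reply above and not FreeNAS code: a Python check that compares an older snapshot with a newer one and flags the "slowly destroys my data" case by counting files that vanished or turned from low-entropy to high-entropy content. It assumes both snapshots are readable as directory trees (on ZFS they are exposed read-only under `<dataset>/.zfs/snapshot/<name>`); the 7.5 bits/byte cut-off, the 20% alert ratio and the sample files are assumptions made for the illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

HIGH_ENTROPY = 7.5  # bits/byte; assumed cut-off, encrypted data sits close to 8.0
SAMPLE = 65536      # only the first 64 KiB of each file is read and compared

def entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(root):
    """Map relative path -> (sha256 of sample, entropy of sample) for one tree."""
    out = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE)
            out[os.path.relpath(path, root)] = (hashlib.sha256(head).hexdigest(), entropy(head))
    return out

def compare_snapshots(old_root, new_root, alert_ratio=0.2):
    """Flag files that disappeared or changed from low to high entropy."""
    old, new = manifest(old_root), manifest(new_root)
    suspicious = []
    for rel, (old_hash, old_ent) in old.items():
        if rel not in new:
            suspicious.append((rel, "missing"))  # deleted, or renamed with a new extension
        elif new[rel][0] != old_hash and old_ent < HIGH_ENTROPY <= new[rel][1]:
            suspicious.append((rel, "now high-entropy"))
    ratio = len(suspicious) / len(old) if old else 0.0
    return {"suspicious": sorted(suspicious), "ratio": ratio, "alert": ratio >= alert_ratio}

def demo():
    """Constructed sample: 4 text files, 2 of them replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        for snap in ("old", "new"):
            os.makedirs(os.path.join(tmp, snap))
            for i in range(4):
                body = b"quarterly report line\n" * 200
                if snap == "new" and i < 2:
                    body = os.urandom(4400)  # stands in for encrypted content
                with open(os.path.join(tmp, snap, f"doc{i}.txt"), "wb") as fh:
                    fh.write(body)
        return compare_snapshots(os.path.join(tmp, "old"), os.path.join(tmp, "new"))

if __name__ == "__main__":
    print(demo())
```

Files that were already compressed (JPEG, ZIP, video) start out high-entropy, so this check does not flag them when they change; the "missing" count is what catches renamed copies of those.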
 
Every user who has write access to the NAS can modify files, which is what malware does.

To minimize the risk, create user accounts and restrict the access to folders for every user in NAS management. So if PC 1 gets infected and had user credentials for NAS-user 1, only files from NAS-user 1 get infected.
With backups and ransomware protection on the NAS side you're good then.

Also don't leave your NAS open to unneeded stuff like SSH, or at least only allow keyfile login.
And one important thing: disable all online services on NAS except automatic updates.
Cloud is a big attack surface for a NAS.