Network-attached storage (NAS) devices are common targets of ransomware attacks. Find out why NAS devices are often attacked and what you can do to protect your storage device and the data in it.
Small and midsized businesses often use network-attached storage (NAS) devices for file sharing, storage, and backups. Because these devices are used to store a large amount of data and are often connected to the Internet, they are prime targets for ransomware attacks. For example, on July 19, 2019, cybercriminals launched ransomware attacks against NAS devices made by Synology. And on July 10, 2019, researchers sounded the alarm about ransomware attacks against NAS devices sold by QNAP Systems.
If your business uses a NAS device, you need to protect it against ransomware and other types of malware. Here are five measures you can take to protect the device and the data in it:
- Change the Default Credentials
In both of the July 2019 ransomware campaigns, cybercriminals used brute-force attacks to initially gain access to NAS devices through the administrator account. In brute-force attacks, automated tools systematically try account name and password combinations in hope that default or weak credentials are being used for the administrator account.
To protect your NAS device, you should disable the default administrator account (which is often named “admin”) and create a new admin account with a hard-to-guess account name. (Typically, you cannot simply rename this account.) When you are setting the new account’s password, make sure it is strong and unique. If your NAS device supports two-step authentication, it is a good idea to use it.
- Make Sure SSL Is Enabled
Secure Sockets Layer (SSL) should be enabled if any employees access your NAS device remotely through a web portal. When SSL is used, the connection is encrypted so hackers won’t be able to see the credentials (and any other data) being transmitted to the device. A quick way to see whether or not the connection is encrypted is to check the portal’s URL. If it begins with “https:”, the connection is encrypted. If it starts with “http:”, you should enable SSL.
- Update the Software Regularly
NAS devices include operating system software. Regularly updating this software is crucial, as the updates often fix recently discovered security vulnerabilities. For instance, the ransomware used to attack QNAP Systems’ NAS devices exploits known security vulnerabilities. Although QNAP Systems has released updates that fix those issues, the ransomware victims did not have those updates installed on their NAS devices. Had the updates been installed, the attacks wouldn’t have been successful.
Similarly, it is important to regularly update other applications that are installed on your NAS device.
- Back Up the Data Regularly
Cybercriminals are constantly devising new and more sophisticated ways to spread ransomware. So, despite your best efforts to secure your NAS device, a ransomware attack might still be successful. To avoid having to pay the ransom, you should routinely back up the data on your NAS device. Some NAS device vendors even offer a cloud backup service for this purpose.
- Take Advantage of Built-In Security Options
NAS devices often include security options that you can use. For example, they might have:
- An auto-block option. This feature blacklists IP addresses after a certain number of failed log-in attempts. This can thwart hackers’ attempts to use brute-force credential-cracking tools to access the devices.
- The ability to encrypt the data being stored. Some NAS devices encrypt data when it is at rest. That way, if cybercriminals somehow get ahold of the data, they won’t be able to see or use it.
- A built-in firewall. NAS devices sometimes have built-in firewalls that will automatically block connections that the devices do not recognize. You can usually customize the firewall’s rules so that you can keep certain connections open but block all other connections.
Don’t Forget about the Network
In addition to protecting your NAS device and routinely backing up the data on it, you need to secure the network in which the device is placed. How to do so will depend on your network’s components and configuration. We can assess your network and create a customized plan to better secure it.
JavaScript source code ransomware flickr photo by Christiaan Colen shared under a Creative Commons (BY-SA) license
