How to Protect Your NAS from Ransomware
by Sean Curiel, on Aug 9, 2019 2:08:00 PM
The number of malware variants that specifically target NAS devices appears to be on the rise. Fortunately, being proactive in taking common sense precautions and utilizing the security features built into your NAS – can go a long way toward stopping Ransomware before it ever has a chance to gain a foothold.
We recommend the following preventative measures to secure your network storage device from ransomware:
Apply Patches, Firmware and OS Updates
Why make it easy for attackers to make their entrance? Some ransomware variants specifically target weaknesses in NAS operating systems. Keep your NAS firmware current, and NAS operating system up to date, ensuring that known security flaws have been addressed.
Disable the Default Administrator Account
Many NAS manufacturers ship devices with a ready-to-use account with a simple name like “admin”. Disable this account and create a new administrator account that features a more creative Username, and you’ve helped to thwart malware scripts. If you cannot disable it, make sure to create a strong, unique password.
Users with Different Levels of Access
Not everyone needs write access to everything. Your NAS should be able to create users and groups with read-only permission to all folders except those which are absolutely necessary to write to. Follow the principle of least privilege and restrict accounts as much as possible.
Auto Block IP Addresses with Too Many Login Attempts
Ransomware will often make several attempts to guess your credentials. If your NAS device has a feature to automatically block IP addresses which have too many failed login attempts, take advantage of it. And don’t forget to enable logging so that you can track these attempts after the fact.
Restrict External Access to Your NAS
When it comes to the admin interface and making changes to your NAS settings, it may be wise to restrict access to the local network, limit to specific IP addresses, and disable remote connectivity. If necessary, use a VPN to connect to your office network to make changes.
Use A Complex but Memorable Password
When everyone does it – we’ll stop mentioning it! Create passwords using complex phrases that only make sense to you, using numbers, lowercase, uppercase and special characters. Learn about password strength and also about various methodologies.
Don’t Map Backup Shares as Drive Letters
Ransomware searches for anything exposed on your network. Try not to map your backup shares as drive letters in Windows (it won’t completely protect them due to Windows credential caching, but certainly makes them less inviting).
Backup Your NAS Regularly
There’s an old saying that the only true data protection is keeping multiple copies of it, in different physical locations and formats. It still holds true today. The data that lives on your NAS device should be fully replicated to an offsite target (usually an identical NAS unit) using secure methods. (See 3-2-1 backup method.)
These are a handful of precautionary measures from NovaStor’s data security team. Do you have additional tips that you use to protect your NAS device from malware? We’d like to hear them! Let us know in the comments below.