How can organisations protect themselves from NAS ransomware attacks?
This growing threat challenges assumptions about the vulnerability of backups


This article originally appeared in April's edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.
Every business should know about ransomware. Never mind the big attacks that hit the headlines or the stories about the monetary value of ransoms that are paid and how they are the tip of an iceberg of undisclosed ransoms. The real reason every business should know about ransomware is because it might become a victim.
Ransomware comes in many different formats, though, and there’s one type that is often overlooked, despite it being on the rise: Ransomware that attacks your Network Attached Storage (NAS) – the location of your backups. Like other types of ransomware this can affect any organisation, large or small, and they should all ensure they are protected.
Don’t think your NAS is safe
Often the NAS is thought of secure in and of itself. It is a backup after all, and often thought of as the solution to, rather than the target of, ransomware. But, if you think about it, what better way to truly launch a successful attack than to ensure an organisation can’t simply restore affected files from a backup? Indeed, it wouldn't be able to access its backup data at all. This is what makes a NAS an attractive target for cyber criminals.
NAS devices can be identified by scanning for their IP address and, once they’re found, vulnerabilities within NAS software can be exploited, allowing the data on any devices that are attached to the NAS to be encrypted.
Be prepared
If a NAS can be vulnerable, it needs to be protected. When it comes to preventing NAS ransomware attacks, David Shrier, futurologist and cofounder of ESME Learning, tells IT Pro: “The best defence is making sure that you don’t have your network penetrated in the first place.” He advises there should be strong passwording and up to date software patching, both of which are key factors in protecting NAS.
For SMBs that use NAS for backup, these are just two of the relatively straightforward protections they can apply. Others include selecting a NAS with two factor authentication for added security, ensuring SSL is enabled if there will be remote access, and making frequent and regular backups of NAS storage that are archived remotely – off site and unconnected to the network – so there’s a clean, restorable version of your ‘universe’ that’s not too old to be useful. It will also be useful to select a NAS from a supplier with good additional security options, such as automatically blocking IP addresses after repeated failed login attempts (to deflect ‘brute force’ attacks), on board data encryption, and its own built in firewalls.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
As Ezat Dayeh, Senior Systems Engineer UK&I at Cohesity, tells IT Pro: “A NAS device is only as secure as the network security protocols themselves, as well as encryption and the other security approaches that a company takes.”
Prepare for the worst case
No matter how comprehensive your NAS security, it’s helpful to consider how you might manage a worst case scenario.
“Sadly, if you have not educated your users, don't have good security policies that are enforced, don’t patch your software, don’t have the right kind of redundant back up, and haven’t created differential user permissions around data which can offset the harm from an intrusion, there is little that can be done to salvage the situation,” says Shrier.
RELATED RESOURCE
Introducing VMDR: Vulnerability Management, Detection and Response
The all-in-one vulnerability management service
However, once you are in the worst case scenario, how will you get out of it? Paying the ransom is one option, but restoring a viable pre-ransomware backup (snapshot) is another. As Ezat Dayeh explains: “Regular snapshots of NAS systems will help guard against ransomware attacks so customers should choose platforms with space efficient and preferably unlimited snapshot capability.”
For larger enterprises, the time spent restoring data can be an issue too, and organisations should put thought into recovery time, what business areas might need to wait while a backup is restored, how long that might take, and whether they would benefit from a system that provides access to data even while it’s being restored in the background.
NAS ransomware is not likely to go away any time soon, and there is a real need for businesses to pay attention to NAS security and to how they would restore a clean backup in a worst case scenario. This area is a crucial part of overall systems and data security activity. Preparing for the worst while planning for the best could make all the difference.

Sandra Vogel is a freelance journalist with decades of experience in long-form and explainer content, research papers, case studies, white papers, blogs, books, and hardware reviews. She has contributed to ZDNet, national newspapers and many of the best known technology web sites.
At ITPro, Sandra has contributed articles on artificial intelligence (AI), measures that can be taken to cope with inflation, the telecoms industry, risk management, and C-suite strategies. In the past, Sandra also contributed handset reviews for ITPro and has written for the brand for more than 13 years in total.
-
Cloudflare is cracking down on AI web scrapers
News Cloudflare CEO Matthew Prince said AI companies have been "scraping content without limits" - now the company is cracking down.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.