How can organisations protect themselves from NAS ransomware attacks?

This growing threat challenges assumptions about the vulnerability of backups

This article originally appeared in April's edition of IT Pro 20/20.

Every business should know about ransomware. Never mind the big attacks that hit the headlines, or the stories about the monetary value of ransoms that are paid and how they are the tip of an iceberg of undisclosed ransoms. The real reason every business should know about ransomware is that it might become a victim.

Ransomware comes in many different forms, though, and there's one type that is often overlooked despite being on the rise: ransomware that attacks your Network Attached Storage (NAS), the location of your backups. Like other types of ransomware, this can affect any organisation, large or small, and all of them should ensure they are protected.

Don’t think your NAS is safe 

Often the NAS is thought of as secure in and of itself. It is a backup after all, and often thought of as the solution to, rather than the target of, ransomware. But, if you think about it, what better way to launch a successful attack than to ensure an organisation can't simply restore affected files from a backup? Indeed, it wouldn't be able to access its backup data at all. This is what makes a NAS an attractive target for cyber criminals.

NAS devices can be identified by scanning for their IP address and, once they’re found, vulnerabilities within NAS software can be exploited, allowing the data on any devices that are attached to the NAS to be encrypted. 

Be prepared

If a NAS can be vulnerable, it needs to be protected. When it comes to preventing NAS ransomware attacks, David Shrier, futurologist and cofounder of ESME Learning, tells IT Pro: “The best defence is making sure that you don’t have your network penetrated in the first place.” He advises strong passwords and up-to-date software patching, both of which are key factors in protecting a NAS.

For SMBs that use NAS for backup, these are just two of the relatively straightforward protections they can apply. Others include selecting a NAS with two-factor authentication for added security, ensuring SSL is enabled if there will be remote access, and making frequent and regular backups of NAS storage that are archived remotely (off site and unconnected to the network) so there’s a clean, restorable version of your ‘universe’ that’s not too old to be useful. It is also worth selecting a NAS from a supplier with good additional security options, such as automatic blocking of IP addresses after repeated failed login attempts (to deflect ‘brute force’ attacks), on-board data encryption, and its own built-in firewall.
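The automatic IP blocking mentioned above, sketched as an added example (not from the article or from any NAS vendor's firmware): it counts failed logins per source address in a sliding time window over constructed log lines. The log format, the threshold of three failures in five minutes and the allowlist are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "<time> <result> user=<name> ip=<addr>" format.
SAMPLE_LOG = """\
2021-04-01T02:00:01 LOGIN_FAIL user=admin ip=203.0.113.7
2021-04-01T02:00:09 LOGIN_FAIL user=root ip=203.0.113.7
2021-04-01T02:00:15 LOGIN_FAIL user=backup ip=203.0.113.7
2021-04-01T02:00:22 LOGIN_FAIL user=admin ip=203.0.113.7
2021-04-01T08:00:00 LOGIN_FAIL user=itadmin ip=192.0.2.10
2021-04-01T08:00:20 LOGIN_FAIL user=itadmin ip=192.0.2.10
2021-04-01T08:00:40 LOGIN_FAIL user=itadmin ip=192.0.2.10
2021-04-01T09:00:00 LOGIN_FAIL user=jsmith ip=198.51.100.20
2021-04-01T09:10:00 LOGIN_FAIL user=jsmith ip=198.51.100.20
2021-04-01T09:20:00 LOGIN_FAIL user=jsmith ip=198.51.100.20
2021-04-01T09:21:00 LOGIN_OK user=jsmith ip=198.51.100.20
corrupted line without fields
""".splitlines()

def parse_line(line):
    """Return (timestamp, result, ip), or None for a line that does not match."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].startswith("ip="):
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[3][3:]
    except ValueError:
        return None

def ips_to_block(lines, max_failures=3, window=timedelta(minutes=5), allowlist=()):
    """Map each source IP to the time it crossed the failure threshold.

    Assumes lines are in time order. Allowlisted addresses (for example a
    management workstation) are never blocked, so admins cannot lock themselves out.
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines instead of failing
        ts, result, ip = parsed
        if result != "LOGIN_FAIL" or ip in allowlist or ip in blocked:
            continue
        failures = recent[ip]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= max_failures:
            blocked[ip] = ts
    return blocked
```

With the sample data, the address that fails three times in 14 seconds is blocked, while the user who mistypes a password once every ten minutes is not.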

As Ezat Dayeh, Senior Systems Engineer UK&I at Cohesity, tells IT Pro: “A NAS device is only as secure as the network security protocols themselves, as well as encryption and the other security approaches that a company takes.” 

Prepare for the worst case

No matter how comprehensive your NAS security, it’s helpful to consider how you might manage a worst case scenario. 

“Sadly, if you have not educated your users, don't have good security policies that are enforced, don’t patch your software, don’t have the right kind of redundant back up, and haven’t created differential user permissions around data which can offset the harm from an intrusion, there is little that can be done to salvage the situation,” says Shrier.

However, once you are in the worst case scenario, how will you get out of it? Paying the ransom is one option, but restoring a viable pre-ransomware backup (snapshot) is another. As Ezat Dayeh explains: “Regular snapshots of NAS systems will help guard against ransomware attacks so customers should choose platforms with space efficient and preferably unlimited snapshot capability.”

For larger enterprises, the time spent restoring data can be an issue too, and organisations should put thought into recovery time, what business areas might need to wait while a backup is restored, how long that might take, and whether they would benefit from a system that provides access to data even while it’s being restored in the background. 

NAS ransomware is not likely to go away any time soon, and there is a real need for businesses to pay attention to NAS security and to how they would restore a clean backup in a worst case scenario. This area is a crucial part of overall systems and data security activity. Preparing for the worst while planning for the best could make all the difference.
