How can organisations protect themselves from NAS ransomware attacks?

This growing threat challenges assumptions about the vulnerability of backups

This article originally appeared in April's edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.

Every business should know about ransomware. Never mind the big attacks that hit the headlines or the stories about the monetary value of ransoms that are paid and how they are the tip of an iceberg of undisclosed ransoms. The real reason every business should know about ransomware is because it might become a victim

Ransomware comes in many different formats, though, and there’s one type that is often overlooked, despite it being on the rise: Ransomware that attacks your Network Attached Storage (NAS) – the location of your backups. Like other types of ransomware this can affect any organisation, large or small, and they should all ensure they are protected. 

Don’t think your NAS is safe 

Often the NAS is thought of secure in and of itself. It is a backup after all, and often thought of as the solution to, rather than the target of, ransomware.  But, if you think about it, what better way to truly launch a successful attack than to ensure an organisation can’t simply restore affected files from a backup? Indeed, it wouldn't be able to access its backup data at all. This is what makes a NAS an attractive target for cyber criminals.

NAS devices can be identified by scanning for their IP address and, once they’re found, vulnerabilities within NAS software can be exploited, allowing the data on any devices that are attached to the NAS to be encrypted. 

Be prepared

If a NAS can be vulnerable, it needs to be protected. When it comes to preventing NAS ransomware attacks, David Shrier, futurologist and cofounder of ESME Learning, tells IT Pro: “The best defence is making sure that you don’t have your network penetrated in the first place.” He advises there should be strong passwording and up to date software patching, both of which are key factors in protecting NAS.

For SMBs that use NAS for backup, these are just two of the relatively straightforward protections they can apply. Others include selecting a NAS with two factor authentication for added security, ensuring SSL is enabled if there will be remote access, and making frequent and regular backups of NAS storage that are archived remotely – off site and unconnected to the network – so there’s a clean, restorable version of your ‘universe’ that’s not too old to be useful. It will also be useful to select a NAS from a supplier with good additional security options, such as automatically blocking IP addresses after repeated failed login attempts (to deflect ‘brute force’ attacks), on board data encryption, and its own built in firewalls

As Ezat Dayeh, Senior Systems Engineer UK&I at Cohesity, tells IT Pro: “A NAS device is only as secure as the network security protocols themselves, as well as encryption and the other security approaches that a company takes.” 

Prepare for the worst case

No matter how comprehensive your NAS security, it’s helpful to consider how you might manage a worst case scenario. 

“Sadly, if you have not educated your users, don't have good security policies that are enforced, don’t patch your software, don’t have the right kind of redundant back up, and haven’t created differential user permissions around data which can offset the harm from an intrusion, there is little that can be done to salvage the situation,” says Shrier.

Related Resource

Introducing VMDR: Vulnerability Management, Detection and Response

The all-in-one vulnerability management service

Download now

However, once you are in the worst case scenario, how will you get out of it? Paying the ransom is one option, but restoring a viable pre-ransomware backup (snapshot) is another. As Ezat Dayeh explains: “Regular snapshots of NAS systems will help guard against ransomware attacks so customers should choose platforms with space efficient and preferably unlimited snapshot capability.”

For larger enterprises, the time spent restoring data can be an issue too, and organisations should put thought into recovery time, what business areas might need to wait while a backup is restored, how long that might take, and whether they would benefit from a system that provides access to data even while it’s being restored in the background. 

NAS ransomware is not likely to go away any time soon, and there is a real need for businesses to pay attention to NAS security and to how they would restore a clean backup in a worst case scenario. This area is a crucial part of overall systems and data security activity. Preparing for the worst while planning for the best could make all the difference.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019

Most Popular

Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020