How can organisations protect themselves from NAS ransomware attacks?

This growing threat challenges assumptions about the vulnerability of backups

This article originally appeared in April's edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.

Every business should know about ransomware. Never mind the big attacks that hit the headlines or the stories about the monetary value of ransoms that are paid and how they are the tip of an iceberg of undisclosed ransoms. The real reason every business should know about ransomware is because it might become a victim

Ransomware comes in many different formats, though, and there’s one type that is often overlooked, despite it being on the rise: Ransomware that attacks your Network Attached Storage (NAS) – the location of your backups. Like other types of ransomware this can affect any organisation, large or small, and they should all ensure they are protected. 

Don’t think your NAS is safe 

Often the NAS is thought of secure in and of itself. It is a backup after all, and often thought of as the solution to, rather than the target of, ransomware.  But, if you think about it, what better way to truly launch a successful attack than to ensure an organisation can’t simply restore affected files from a backup? Indeed, it wouldn't be able to access its backup data at all. This is what makes a NAS an attractive target for cyber criminals.

NAS devices can be identified by scanning for their IP address and, once they’re found, vulnerabilities within NAS software can be exploited, allowing the data on any devices that are attached to the NAS to be encrypted. 

Be prepared

If a NAS can be vulnerable, it needs to be protected. When it comes to preventing NAS ransomware attacks, David Shrier, futurologist and cofounder of ESME Learning, tells IT Pro: “The best defence is making sure that you don’t have your network penetrated in the first place.” He advises there should be strong passwording and up to date software patching, both of which are key factors in protecting NAS.

For SMBs that use NAS for backup, these are just two of the relatively straightforward protections they can apply. Others include selecting a NAS with two factor authentication for added security, ensuring SSL is enabled if there will be remote access, and making frequent and regular backups of NAS storage that are archived remotely – off site and unconnected to the network – so there’s a clean, restorable version of your ‘universe’ that’s not too old to be useful. It will also be useful to select a NAS from a supplier with good additional security options, such as automatically blocking IP addresses after repeated failed login attempts (to deflect ‘brute force’ attacks), on board data encryption, and its own built in firewalls

As Ezat Dayeh, Senior Systems Engineer UK&I at Cohesity, tells IT Pro: “A NAS device is only as secure as the network security protocols themselves, as well as encryption and the other security approaches that a company takes.” 

Prepare for the worst case

No matter how comprehensive your NAS security, it’s helpful to consider how you might manage a worst case scenario. 

“Sadly, if you have not educated your users, don't have good security policies that are enforced, don’t patch your software, don’t have the right kind of redundant back up, and haven’t created differential user permissions around data which can offset the harm from an intrusion, there is little that can be done to salvage the situation,” says Shrier.

Related Resource

Introducing VMDR: Vulnerability Management, Detection and Response

The all-in-one vulnerability management service

Download now

However, once you are in the worst case scenario, how will you get out of it? Paying the ransom is one option, but restoring a viable pre-ransomware backup (snapshot) is another. As Ezat Dayeh explains: “Regular snapshots of NAS systems will help guard against ransomware attacks so customers should choose platforms with space efficient and preferably unlimited snapshot capability.”

For larger enterprises, the time spent restoring data can be an issue too, and organisations should put thought into recovery time, what business areas might need to wait while a backup is restored, how long that might take, and whether they would benefit from a system that provides access to data even while it’s being restored in the background. 

NAS ransomware is not likely to go away any time soon, and there is a real need for businesses to pay attention to NAS security and to how they would restore a clean backup in a worst case scenario. This area is a crucial part of overall systems and data security activity. Preparing for the worst while planning for the best could make all the difference.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

New ransomware group is attacking US firms and educational establishments
ransomware

New ransomware group is attacking US firms and educational establishments

15 Jul 2021
Interpol calls for more action to prevent "ransomware pandemic"
cyber security

Interpol calls for more action to prevent "ransomware pandemic"

13 Jul 2021
84% of organizations experienced phishing or ransomware attacks in the last year
ransomware

84% of organizations experienced phishing or ransomware attacks in the last year

12 Jul 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

9 Jul 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021