How can organisations protect themselves from NAS ransomware attacks?

This growing threat challenges assumptions about the vulnerability of backups

This article originally appeared in April's edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.

Every business should know about ransomware. Never mind the big attacks that hit the headlines or the stories about the monetary value of ransoms that are paid and how they are the tip of an iceberg of undisclosed ransoms. The real reason every business should know about ransomware is because it might become a victim

Ransomware comes in many different formats, though, and there’s one type that is often overlooked, despite it being on the rise: Ransomware that attacks your Network Attached Storage (NAS) – the location of your backups. Like other types of ransomware this can affect any organisation, large or small, and they should all ensure they are protected. 

Don’t think your NAS is safe 

Often the NAS is thought of secure in and of itself. It is a backup after all, and often thought of as the solution to, rather than the target of, ransomware.  But, if you think about it, what better way to truly launch a successful attack than to ensure an organisation can’t simply restore affected files from a backup? Indeed, it wouldn't be able to access its backup data at all. This is what makes a NAS an attractive target for cyber criminals.

NAS devices can be identified by scanning for their IP address and, once they’re found, vulnerabilities within NAS software can be exploited, allowing the data on any devices that are attached to the NAS to be encrypted. 

Be prepared

If a NAS can be vulnerable, it needs to be protected. When it comes to preventing NAS ransomware attacks, David Shrier, futurologist and cofounder of ESME Learning, tells IT Pro: “The best defence is making sure that you don’t have your network penetrated in the first place.” He advises there should be strong passwording and up to date software patching, both of which are key factors in protecting NAS.

For SMBs that use NAS for backup, these are just two of the relatively straightforward protections they can apply. Others include selecting a NAS with two factor authentication for added security, ensuring SSL is enabled if there will be remote access, and making frequent and regular backups of NAS storage that are archived remotely – off site and unconnected to the network – so there’s a clean, restorable version of your ‘universe’ that’s not too old to be useful. It will also be useful to select a NAS from a supplier with good additional security options, such as automatically blocking IP addresses after repeated failed login attempts (to deflect ‘brute force’ attacks), on board data encryption, and its own built in firewalls

As Ezat Dayeh, Senior Systems Engineer UK&I at Cohesity, tells IT Pro: “A NAS device is only as secure as the network security protocols themselves, as well as encryption and the other security approaches that a company takes.” 

Prepare for the worst case

No matter how comprehensive your NAS security, it’s helpful to consider how you might manage a worst case scenario. 

“Sadly, if you have not educated your users, don't have good security policies that are enforced, don’t patch your software, don’t have the right kind of redundant back up, and haven’t created differential user permissions around data which can offset the harm from an intrusion, there is little that can be done to salvage the situation,” says Shrier.

Related Resource

Introducing VMDR: Vulnerability Management, Detection and Response

The all-in-one vulnerability management service

Download now

However, once you are in the worst case scenario, how will you get out of it? Paying the ransom is one option, but restoring a viable pre-ransomware backup (snapshot) is another. As Ezat Dayeh explains: “Regular snapshots of NAS systems will help guard against ransomware attacks so customers should choose platforms with space efficient and preferably unlimited snapshot capability.”

For larger enterprises, the time spent restoring data can be an issue too, and organisations should put thought into recovery time, what business areas might need to wait while a backup is restored, how long that might take, and whether they would benefit from a system that provides access to data even while it’s being restored in the background. 

NAS ransomware is not likely to go away any time soon, and there is a real need for businesses to pay attention to NAS security and to how they would restore a clean backup in a worst case scenario. This area is a crucial part of overall systems and data security activity. Preparing for the worst while planning for the best could make all the difference.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type

How to find RAM speed, size and type

8 Apr 2021