Protecting Your NAS from Ransomware

Protecting Your NAS from Ransomware

Ransomware is a cryptovirology attack carried out using covertly installed malware that encrypts the victim’s files and then requests a ransom payment in return for the decryption key that is needed to recover the encrypted files. Wide-ranging attacks involving encryption-based ransomware (also known as locker) began to increase through Trojans in the past few years. This also becomes a rising threat against both business and home users that targets computers and network-based devices.

Locker is a file-encrypting ransomware (CryptoLocker, CTB Locker, TeslaCrypt, and others) that encrypts files found on local drives, removable drives, mapped network drives, and even Dropbox mappings. Victims will be extorted a ransom to decrypt the affected files, or they will be unable to open the affect files ever again. A simple yet effective method of mitigating the threat of ransomware is to ensure that you always have backups with versioning. Therefore, I will show you how to protect your data on your QNAP NAS from ransomware by using QNAP’s snapshot feature.

First of all, while creating your storage volume, be sure to choose either “Thick Multiple Volume” or “Thin Multiple Volume” that both support snapshot.

1

Upon finishing, refer to this tutorial and create a weekly, daily or even hourly snapshot schedule for your NAS.

snapshot_agent_22

In the event of a ransomware attack and your files are encrypted by ransomware, then you can easily revert the entire storage volume to a previous state which has not been effected by ransomware. Or you can also choose to restore any specific file to a previous version and overwrite the encrypted file.

restore_file

In conclusion, to avoid or minimize the damage from ransomware, it is always important to keep you NAS system up-to-date. In addition, to deploy and maintain a comprehensive backup solution with versioning, and also has the ability to quickly revert to a previous version is as important.

 

James W.
Authored by: James W.

There are 7 comments for this article
  1. Avatar
    Gijs at 4:35 pm

    If someone is using QSYNC with versioning and files at the pc and ransomeware is encrypting your files, wouldn’t it be possible to revert all the changes by getting a previous version back from the NAS?

  2. Avatar
    Amigo at 9:52 am

    Not only ransomeware but also mining hacks are threaten to NAS. Remember to patch with the latest security on QNAP’s Security Bulletins and Advisories. An mining issue on QTS and solutions: https://amigotechnotes.wordpress.com/2017/05/03/check-and-solve-if-your-qnap-nas-has-been-injected-a-cpuminer-program/

  3. Avatar
    Amigo at 1:50 pm

    I have unpack QNAP’s Malware Remover. 2.1.x are shell scripts to kill malware process, malware files, and add a regular check automatically. If you are interested in the detail, take a look at this post: https://amigotechnotes.wordpress.com/2017/05/04/detail-explain-of-qnap-malware-remover-2-1-0/

  4. Avatar
    Markus Schaber at 7:44 am

    Hallo james.
    How can you guarantee – technically – that the snapshots are not encrypted?

  5. Avatar
    Markus Schaber at 7:46 am

    made this comment just to receive notifications (forgot to set it the first time).

  6. Avatar
    Bart at 8:31 am

    you miss very important information that snasphots are NOT supported for ARM based models, very bad qnap!!

Leave a Reply

Your email address will not be published. Required fields are marked *