New
#1
@Brink
Thanks, that is a very good intel.
Taking some measures over here!
The number of ransomware strains targeting NAS and backup storage devices is growing, with users "unprepared" for the threat, researchers say.
Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services -- including hospitals and utilities -- and individuals.
Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to locked content.
There is no guarantee that paying up will result in decryption, but many will do so rather than lose their files -- and in cases where crucial systems have been locked, such as at government bodies or healthcare providers, there is additional pressure to return to normal operations as quickly as possible...
Read more: New ransomware attacks target your NAS devices, backup storage | ZDNet
Do you want to access your NAS through the Internet while you are away from your home network? If not, turn off internet access to your NAS. Then you have time to work on your security before reconnecting it. From the source article...
To begin an attack chain, operators will first perform a scan of a range of IP addresses to find NAS devices that are accessible via the Internet.
Thanks guys. I dont access the NAS when I'm away from the house so that's something to think about.
Hi folks
There's "NAS" and "NAS" systems --these things are generic and can have all sorts of OS'es in them -- some based on Linux are very well protected unless you allow easy access from Windows via sloppy network file sharing in which case the HDD's CAN get corrupted via contamination from Windows, others have their own proprietary Os in them e.g I think QNAP or whatever -- not sure about the internal protection on these but if sloppy Network file sharing is enabled from Windows same problem can occur.
I've always said to people - as well as regularly backing up Windows YOU NEED TO BACKUP DATA ON NAS as well (Caps intended). You don't have to backup the whole kybosh in one go -- particularly if you have a load of multi-media stuff as I assume this data doesn't change much and usually you only add new files.
So if using a Linux type OS on a NAS - regularly backup with GRSYNC (GUI front end for RSYNC) - this will copy new and changed files to your backup device(s). Keep backup devices OFFLINE after backup --those small self powered passport USB3 4TB drives are excellent for this purpose.
Now If you DO get any ransomware on your machine -- DO NOT PANIC AND NEVER PAY THESE SCUMBAGS ANYTHING
Do the following
1) If any phone call tell caller in no uncertain words to --> I think the word starts with an F in english and rhymes with DUCK and put the phone down.
2) Switch off ALL computers (HARD switch off -- don't use software power off - just pull the plugs out if necessary.
3) Disconnect ALL peripherals apart from keyboard, mouse and monitor.
4) Disconnect / disable the Internet --- if necessary switch off the Router if disabling the Internet is problematic on your computers.
5) from stand alone restore simply restore last clean Windows OS and data / OS to NAS systems -- note if your NAS systems have been attacked restoring 5 / 6 TB of data can take a long time so an overnight job is best.
6) After restores check everything is clean again --then re-connect Internet and you are "Good to Go".
Never panic -- ransomware is easy to deal with -- but as I and others keep saying "AD NAUSEAM" Please folks always take regular backups -- Windows can use Free macrium --excellent product -- costs zilch, and for Linux there's so many backup solutions it's up to you --personally I find RSYNC and it's front end GUI GRSYNC excellent.
Now if people really do get nobbled by Ransomware then IMO its probably their own fault for not taking regular backups.
Cheers
jimbo
I know some enterprises and individuals may require internet access to 'home base' storage, but to me, any internet connection maintained constantly is a risk to the system in question. I prefer to only connect to internet when needed, and wish there were a simple physical switch standard for internet connection/disconnection. If the bad guys can't see you, they can't attack you. And they have a large field to scan for their targets, so if you are only visible for relatively short periods, getting attacked is much less likely.
@mta3006
I use a program called Internet Off, you can turn your connection off/on, it has a password protect & even has a time setting for allowed access times, along with scheduling for access. And it's a freebie
Internet Off - Internet Blocking App for Windows
Anytime I leave the PC for a time, I make sure to shut off net access. I keep my images & backup on an external drive that is only plugged in when I'm updating images.InternetOff allows you to quickly turn off the internet so that you can go offline. When you need the connection, you can enable the internet easily for some period (and it will be automatically turned off) or permanently in just two clicks. Besides the program lets you password protect and schedule access to the internet.
Nothing that I download except files from WU goes directly to a system drive. All my PCs are on a private network with a super strong password, but no system drive is included. I also run regular Macrium backups and keep the last 3 copies of each on a removable drive that's connected to a computer only during the short time needed to copy backup files. That arrangement has kept me safe in the past, so I hope it works for the future as well. I am constantly connected to the Internet via wire and WiFi through a router, but ShieldsUP reports no equipment at my IP address responds to their UPnP probes (for whatever that's worth).