swarfega said:

What are you doing exactly. I need to do something I'm sure but not sure what.

Do you want to access your NAS through the Internet while you are away from your home network? If not, turn off internet access to your NAS. Then you have time to work on your security before reconnecting it. From the source article...

To begin an attack chain, operators will first perform a scan of a range of IP addresses to find NAS devices that are accessible via the Internet.

Hi folks

There's "NAS" and "NAS" systems --these things are generic and can have all sorts of OS'es in them -- some based on Linux are very well protected unless you allow easy access from Windows via sloppy network file sharing in which case the HDD's CAN get corrupted via contamination from Windows, others have their own proprietary Os in them e.g I think QNAP or whatever -- not sure about the internal protection on these but if sloppy Network file sharing is enabled from Windows same problem can occur.

I've always said to people - as well as regularly backing up Windows YOU NEED TO BACKUP DATA ON NAS as well (Caps intended). You don't have to backup the whole kybosh in one go -- particularly if you have a load of multi-media stuff as I assume this data doesn't change much and usually you only add new files.

So if using a Linux type OS on a NAS - regularly backup with GRSYNC (GUI front end for RSYNC) - this will copy new and changed files to your backup device(s). Keep backup devices OFFLINE after backup --those small self powered passport USB3 4TB drives are excellent for this purpose.

Now If you DO get any ransomware on your machine -- DO NOT PANIC AND NEVER PAY THESE SCUMBAGS ANYTHING

Do the following

1) If any phone call tell caller in no uncertain words to --> I think the word starts with an F in english and rhymes with DUCK and put the phone down.

2) Switch off ALL computers (HARD switch off -- don't use software power off - just pull the plugs out if necessary.

3) Disconnect ALL peripherals apart from keyboard, mouse and monitor.

4) Disconnect / disable the Internet --- if necessary switch off the Router if disabling the Internet is problematic on your computers.

5) from stand alone restore simply restore last clean Windows OS and data / OS to NAS systems -- note if your NAS systems have been attacked restoring 5 / 6 TB of data can take a long time so an overnight job is best.

6) After restores check everything is clean again --then re-connect Internet and you are "Good to Go".

Never panic -- ransomware is easy to deal with -- but as I and others keep saying "AD NAUSEAM" Please folks always take regular backups -- Windows can use Free macrium --excellent product -- costs zilch, and for Linux there's so many backup solutions it's up to you --personally I find RSYNC and it's front end GUI GRSYNC excellent.

Now if people really do get nobbled by Ransomware then IMO its probably their own fault for not taking regular backups.

Cheers
jimbo

Bree said:

Do you want to access your NAS through the Internet while you are away from your home network? If not, turn off internet access to your NAS.

I know some enterprises and individuals may require internet access to 'home base' storage, but to me, any internet connection maintained constantly is a risk to the system in question. I prefer to only connect to internet when needed, and wish there were a simple physical switch standard for internet connection/disconnection. If the bad guys can't see you, they can't attack you. And they have a large field to scan for their targets, so if you are only visible for relatively short periods, getting attacked is much less likely.

Nothing that I download except files from WU goes directly to a system drive. All my PCs are on a private network with a super strong password, but no system drive is included. I also run regular Macrium backups and keep the last 3 copies of each on a removable drive that's connected to a computer only during the short time needed to copy backup files. That arrangement has kept me safe in the past, so I hope it works for the future as well. I am constantly connected to the Internet via wire and WiFi through a router, but ShieldsUP reports no equipment at my IP address responds to their UPnP probes (for whatever that's worth).