NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

RSherman90's avatar
RSherman90
Apprentice
Apr 18, 2020

Is a NAS vulnerable to Ransomware attack?

We have a small workgroup network of 10 PCs and an RN-424 serving shared data to all the PCs. All the PCs do image backups to a Share on the NAS as well as local image backups to s 2nd harddrive on e...
Sandshark's avatar
Sandshark
Sensei - Experienced User
Apr 18, 2020

I am not aware of any ransomware that can attack a Linux based NAS directly.  BUT, ransomware on a PC that uses the NAS can encrypt the data on the NAS using that PC's access.  There are some things you can do to reduce it's chances of doing so:

 

Limit each users' access as much as practical to reduce the scope the ransomware will have on the NAS.  If it is only used for backup, don't mount any NAS share as a drive on any PC or keep a folder on the NAS open.  If possible, don't access the NAS directly from Windows Explorer at all.  Definately don't save NAS credentials on the PC (don't check the "remember" box).  Let the backup software directly access the share, if it can do that.  If it can use a protcol other than SMB, even better (though I know of no decent PC backup software that does).. and then shut down SMB completely on the NAS.  If you can put the NAS on a time schedule, that may give you time to intervene before it's even on, but I wouldn't count on this being especially effective.

 

Once the ransomware has done it's deed, the backup software may stop working.  But in case it doesn't, insure your backup keeps at least one old copy on the NAS and that the NAS has snapshots enabled (custom gives you better control than "Smart") and enough space that all snapshots won't be deleted to make way for the next backup, which may be huge because the encrypted files are "new".  Dont have "allow snapshot access" checked, so they are invisible to the PC.

 

If you have a backup NAS for this NAS (and you may not if it's only PC backups already), don't enable SMB on the backup computer -- use rsync only.  Don't use "remove files deleted on source" (though that can get unruly if you don't have a process for deleting old files and have a lot of churn).  Snapsots and a time schedule for this NAS may also help some in the same way as on the primary,  BTW, a way to implement old file deletion on the NAS without an external process is to have one periodic backup that does delete files deleted on source.  But you can get unlucky and have that one occur at the wrong time.

StephenB's avatar
StephenB
Guru - Experienced User
Apr 18, 2020

If you are willing throw disk space at the problem, you could recover data from snapshots if a PC encrypts the files on the NAS.

 

Since you generally want 20% free space (even after ransomware attacks), you'd want to size the volume so that you always have 60% free space.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More