RSherman90
Apr 18, 2020 Apprentice
Is a NAS vulnerable to Ransomware attack?
We have a small workgroup network of 10 PCs and an RN-424 serving shared data to all the PCs. All the PCs do image backups to a Share on the NAS as well as local image backups to a 2nd hard drive on e...
Sandshark
Apr 20, 2020 Sensei
1. I posted a very complicated procedure for reducing the number of drives in an array. If you have sufficient Linux skills, it's here: Reducing-RAID-size-removing-drives-WITHOUT-DATA-LOSS-is-possible. That doesn't deal with multiple layers due to expansion, so I recommend reducing to 3 drives then replacing with larger ones if you go this route. Because it involves a lot of messing with MDADM and BTRFS as well as reboots, doing it while files are being accessed is probably not a good idea. And honestly, if you have a good backup, starting fresh is way better.
2. USB drives can be FAT, NTFS, or EXT (Linux native), they are never BTRFS. EXT drivers are available for Windows, but using NTFS is usually best unless the conversion of Linux permissions to NTFS doesn't work well for you. That allows you to access the drive directly from Windows.
3. Yes. The only limitation is installed apps. If you use any (and I suspect you don't), uninstall on the Intel system and re-install on the ARM one. Same limitation going the other way, BTW.
4. They should be, and I have no reason to doubt they are. Exception may be if that user has permission to change the share to read/write.
StephenB
Apr 20, 2020 Guru - Experienced User
Sandshark wrote:
2. USB drives can be FAT, NTFS, or EXT (Linux native), they are never BTRFS.
OS 6 ReadyNAS does support BTRFS formatted USB drives.
- ReadyNASinUK Apr 20, 2020 Aspirant
If you are new to NAS, you should probably research how btrfs snapshots work generally. They also provide some ability to roll back to older file versions in response to user errors.
No, not new to ReadyNAS but not an expert (yet..)
Regarding the use of snapshots...
We used to use snapshots, but found it made searching on the user shares very lengthy, and the results confusing as Windows would find all the versions of a given file.
Also just wondering... presumably the snapshot function would create a "delta" roughly equal to the size of the original file if malware tried to encrypt it. Unless a lot of space is reserved, what would happen if the drive ran out of space while malware was attempting to encrypt the contents: would the malware be brought to a halt (hopefully) or would btrfs give up on the snapshot totally, (hopefully not) or start deleting older snapshots (sounds plausible, at least for auto-created).
Are you aware of any studies carried out on this? Or are the answers obvious?
Meanwhile I am trying to work out a way to block users accessing files on other PC's, but let the ReadyNAS access the files for backup.
- StephenB Apr 20, 2020 Guru - Experienced User
ReadyNASinUK wrote:
presumably the snapshot function would create a "delta" roughly equal to the size of the original file if malware tried to encrypt it.
Yes. All writes to the original file result in new blocks being allocated to the main copy, and the older block is retained in any snapshots. That includes malware encryption of the files.
ReadyNASinUK wrote:
Unless a lot of space is reserved, what would happen if the drive ran out of space while malware was attempting to encrypt the contents: would the malware be brought to a halt (hopefully) or would btrfs give up on the snapshot totally, (hopefully not) or start deleting older snapshots (sounds plausible, at least for auto-created).
The NAS will start deleting the snapshots automatically when the volume gets too full (~90%). There is a threshold for that you could set in the Admin Web UI.
As I suggested earlier, you'd want to keep the volume no more than 40% full if you want to use this strategy. Then if the malware rewrites every file, the space usage would double to 80%. Then there would still be 20% margin.
There is no study on this that I know of, but malware could defeat this approach simply by encrypting each file a second time. I guess there could be some malware that does this.
ReadyNASinUK wrote:
We used to use snapshots, but found it made searching on the user shares very lengthy, and the results confusing as Windows would find all the versions of a given file.
I don't allow the NAS to make the files visible in the share. I do enable show previous versions in Windows though.
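Added example, not part of any post in this thread: a simplified model of the space arithmetic StephenB describes (40% fill, ~90% auto-delete threshold), useful for checking how much headroom keeps the pre-attack snapshot. The function names, the whole-volume rewrite pass and oldest-first pruning are assumptions of the model, not documented ReadyNAS behaviour.

```python
def simulate(fill_pct, events, prune_at_pct=90):
    """Replay 'snapshot' / 'rewrite' events; return (used_pct, snapshots).

    Model assumptions (not taken from ReadyNAS): a rewrite pass touches
    every block, and pruning removes the oldest snapshot first until usage
    is at or below the threshold.
    """
    live = 0          # generation of the blocks the share currently serves
    snapshots = []    # generations pinned by snapshots, oldest first

    def used():
        # Every distinct generation still referenced costs one full copy.
        return fill_pct * len({live, *snapshots})

    for event in events:
        if event == "snapshot":
            snapshots.append(live)
        elif event == "rewrite":
            live += 1  # new blocks allocated; old ones stay only if pinned
        else:
            raise ValueError(f"unknown event: {event}")
        while snapshots and used() > prune_at_pct:
            snapshots.pop(0)
    return used(), snapshots


def original_survives(fill_pct, events, prune_at_pct=90):
    """True if a snapshot of the pre-rewrite data (generation 0) remains."""
    _, snapshots = simulate(fill_pct, events, prune_at_pct)
    return 0 in snapshots


def max_safe_fill(prune_at_pct=90):
    """Largest whole-percent fill that keeps generation 0 after one pass."""
    one_pass = ["snapshot", "rewrite"]
    return max(f for f in range(1, 101)
               if original_survives(f, one_pass, prune_at_pct))


if __name__ == "__main__":
    # Constructed scenarios: fill percentage plus an event sequence.
    print(simulate(40, ["snapshot", "rewrite"]))
    print(simulate(40, ["snapshot", "rewrite", "snapshot", "rewrite"]))
    print(simulate(60, ["snapshot", "rewrite"]))
    print("max safe fill:", max_safe_fill())
```

In this model the clean snapshot is pruned at 40% fill only when another snapshot pins the rewritten data before a second pass, so the snapshot schedule matters as much as the fill level.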
- RSherman90 Apr 23, 2020 Apprentice
Our first step, based on all the great information offered in this thread, is to expand the NAS storage from 4 x 3TB, XRaid, to 3 x 8TB, XRaid with 1 x 8TB Global Spare. We'll be putting the 4 x 3TB disks into our RN104 and setting up the RN424 with the new disks. Should have the data transferred to the RN424 over the weekend.
1. I find little info on setting up a Global Spare and how it would be used in practice to either replace a failing (or failed) disk or to expand the capacity of the NAS at a later time. Can anyone elucidate? In the past, we've always just kept an extra disk on hand for any emergency failure and upgraded the entire array to increase capacity as needed. I'm thinking the Global Spare is a better route. Yes?
2. Our second effort will be to back up the local PC image backups to a non-accessible share on an NTFS USB enclosure attached to the NAS. This should be safe from a Ransomware attack. The drive will also be easy to move to a local PC in order to restore an image. BTW - we use Macrium Reflect to create the PC images per defined schedules.
Any flaws in our thinking? Thanks.
- Sandshark Apr 23, 2020 Sensei
If the time period between failure and drive replacement could be long, then a global spare can be useful, since it will become the replacement immediately upon failure.
If you are likely to be able to manually swap the drive quickly after a failure, there are a couple of disadvantages of using a global spare. First is that the drive will accumulate hours toward eventual failure. Maybe not as badly as one constantly moving the heads for reads & writes, but wear nonetheless. The other is that the sync of the spare will occur before you have a chance to make sure your other drives look healthy and the backup is in order in case another fails.
I've never added a global spare to expand an array, so can't help you there.
- StephenB Apr 23, 2020 Guru - Experienced User
Sandshark wrote:
I've never added a global spare to expand an array, so can't help you there.
I don't use them either.
If you generally have access to the site, I think you are better off with a spare that isn't inserted into the NAS. But right now, a global spare could be a good thing.