Jarkod
Aug 04, 2014 Guide
Is ransomware attack on ReadyNAS possible?
Synology NAS servers are under attack by SynoLocker ransomware http://www.cso.com.au/article/551527/synolocker_demands_0_6_bitcoin_decrypt_synology_nas_devices/. Devices are encrypted and the owners a...
xeltros
Aug 04, 2014 Apprentice
The SSH port is easy to change. HTTP / HTTPS / FTP / FTPS ports should be possible to change too. However, I doubt you can change the SMB port or AFP port, as clients do not ask for ports and this would make those services unusable.
I also doubt that changing the ports would be of any help. I would personally not forward the ports from the internet, maybe raise iptables on the outside interface.
Nevertheless, if you want to change those ports at your own risk, you have two options:
- Using iptables redirect (not sure if ReadyNAS has all the modules, but you could give it a try). If you can do it on a single interface (either eth0 or eth1), that is the safest option, as you could still recover from the other interface. You can also choose whether or not to make the changes persistent after a reboot.
- Using config files (OpenSSH, Apache, ProFTPD). But you would have to do it again after any update.
Once again, I don't think this would make much of a difference for this particular case, as most (if not all) of those ports are not available through the internet.
I do not know how ReadyNAS encryption works; if it does it file by file, then you are right. If it takes the volume offline to do a full volume encryption, I don't know. Either way, I strongly recommend using a backup before it happens rather than reacting while it happens. What if you are at work? What if you don't get the alert? A USB backup is a good option here too, not expensive if you have less than 3Tb data but definitely safer than any other option, as it is disconnected from the NAS, and even if it is connected it has no operating system to infect. The firmware can be infected though.
Creating a user with "sudo" power can be a solution too, as it should have access to encrypted files because it will act as root. Maybe the malware didn't think about erasing existing user accounts but just cut the servers out or changed rights on the files.
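The single-interface iptables redirect mentioned in the reply above, as an added example that is not part of the original post and not NETGEAR's own tooling. It assumes a generic Linux host with the iptables `nat` table and `conntrack` match available (the post itself notes ReadyNAS may not have these modules); `eth0`, ports 22 and 2222, and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: build (and optionally apply) iptables rules that move a
# service to a different port on ONE interface only, leaving the other
# interface untouched for recovery.
# Assumed values: eth0 as the interface to change, SSH moved from 22 to 2222.

# Accept only a decimal TCP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules for: interface, port the service listens on, new port.
build_rules() {
    iface=$1; svc_port=$2; new_port=$3
    valid_port "$svc_port" && valid_port "$new_port" || return 1
    [ "$svc_port" -ne "$new_port" ] || return 1
    case "$iface" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # 1. Connections to new_port on this interface are handed to the service.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $new_port -j REDIRECT --to-ports $svc_port"
    # 2. Connections still aimed at the old port on this interface are dropped.
    #    After REDIRECT both kinds reach INPUT with dport=svc_port, so the rule
    #    matches on the ORIGINAL destination port recorded by conntrack.
    echo "iptables -A INPUT -i $iface -p tcp --dport $svc_port -m conntrack --ctorigdstport $svc_port -j DROP"
}

# Dry run by default; set APPLY=1 (as root) to execute. Rules added this way
# are not saved anywhere, so a reboot restores the previous state.
redirect_port() {
    rules=$(build_rules "$@") || { echo "invalid arguments" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while IFS= read -r rule; do $rule || exit 1; done
    else
        echo "$rules"
    fi
}

redirect_port eth0 22 2222
```

The DROP rule is appended with `-A`, so it only takes effect if no earlier INPUT rule already accepts the port; in that case it has to be inserted ahead of that rule with `-I` instead.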