Is ransomware attack on ReadyNAS possible?

ukbobboy wrote:
You said: nothing in life is risk-free That, without a doubt, is so very true but how many people understand that when they use a computer on the internet the risks they are taking? And even worse (or unknown), how can that risk be quantified?

I'm sure there are metrics out there. I'm not sure they are that helpful though. I don't research the odds when I am trying to decide whether to fasten my seat belt. I just fasten it.

ukbobboy wrote:
You also said: what you really need to do is manage your risk Well, how can you manage something that is "unknown"?

The root cause for future attacks is not known to be sure. But the risk itself (that your data could be stolen, or hijacked for ransom, or just trashed) is known. One can manage it in a variety of ways. Making a backup to a USB drive, and putting it in a safety deposit box is one. Encrypting sensitive files can protect against stolen data/identify theft, but not hijacking or trashing... The way you manage this is to think about the consequences of stolen or lost data, and take some precautions.

ukbobboy wrote:
The main problem is that whenever anything computer enhanced is sold security of that equipment is a poor secondary afterthought.

15 years ago that was perhaps true. But it certainly isn't true now. Microsoft, Apple, Google are all very serious about security threats, and it certainly is not an afterthought for any of them. IoS and Android both have a security framework that is in place. Netgear and Synology also clearly take it seriously, and routinely release security updates.

What is happening is that the attacks change over time. Years ago it was the OS itself. From there it shifted to Office, then to browser plugins. Now it has shifted again to commonly used open source. Viruses mostly gave way to phishing, and more recently we are seeing automated botnet 0-day attacks launched by compromised PCs.

But overall, internet security is much better than it was 10-15 years ago, even though the internet is much bigger. Back then virus attacks frequently shut down large corporations for days, sometimes several times a year. That is not to say that there is no need to be concerned, or that everything is safe. But security is not an afterthought, and attacks now generally don't have the massive impact they had years back.

Having said that, part of the problem is that the original network protocols that the internet is built on were designed in a very different world than today - and they are not secure. Lots of people are looking at that, especially in the context of Snowden. However, there are limits to what can be done, given the scale the internet has reached.