Is ransomware attack on ReadyNAS possible?

ukbobboy wrote:
then how is the end user suppose to know what to do.

This can be more tricky than you might think, and it is a topic of discussion in security circles [I monitor some of them professionally but I am NOT an expert].

I get several security warnings whenever I install a new app (either android or apple). I have to say I don't read them as carefully as I should. If I want the app, I just accept.

A couple of weeks ago I was at a meeting discussing internet security and privacy - the same issue surfaced there, though expressed differently. "My mother searches on the internet, and finds a cat video. She clicks on the link, and her browser gives her a bunch of warnings. But its a cat video so she just has to see it". Cat videos trump security all the time. Security experts know this.

So from a security perspective, the human running the equipment is often the weakest link. They want to do what they want to do. You need to give them options, but it is hard to word the warnings so that users actually understand the risks they are facing.

I realize your question is a bit lower down - how does the person administering the NAS know what the best practices are? But it is related. There is definitely a catch-22 - for a lot of people if you give them too much information it just turns into another ignored click-through. If you make it too difficult, then you get user resistance (the cert warnings the browsers give you when you connect to the NAS being one example). But many people do want to know...

So I don't have a good answer, and I don't think the industry does either. Creating a good and secure cloud offering is part of it though. Having an easy to use, inexpensive (or free) and secure way to connecting to your NAS from all your devices anywhere would help a lot. A lot of NAS owners get into trouble because they are trying to figure out on their own how to do this. It would be nice if ReadyCLOUD was that - but right now its not.