
Re: How to protect from Cryptolocker?

obaeyens
Aspirant

How to protect from Cryptolocker?

I almost lost my files to a hard disk crash.

 

So I ended up buying a ReadyNas 104 to save my data. I had my issues with the NAS locking up, but when I turned off the anti-virus and bit rot then it works like a charm. My data is safe.

 

Then I discovered ReadyCloud. Very interesting because it could replace my Dropbox. But when I tested ReadyCloud with a friend, it turned out that https://readycloud.netgear.com is only used during my login, not once I am logged in. It is not clear if my friend has a secure connection or an insecure connection when transferring files.

 

Investigating security, I discovered that Synology got 200,000 NAS drives hacked and they even had Cryptolocker installed, which took their NAS data as ransom. And this freaks me out, that I could lose my data again.

 

So the question is: How would you set up 1 or 2 ReadyNas devices that Cryptolocker has no chance to get to the second drive?

 

Right now I have disconnected ReadyNas 104 (A) from ReadyCloud and made it back up to an external USB drive and eject that drive when completed.

 

I was planning to buy a second ReadyNas 104 (B) to connect to the ReadyCloud only. That becomes my Cloud server that I can sync with on different computers, even friends', but is disconnected from my ReadyNas 104 (A), which is purely a backup. (I even have it hidden from Windows 10, which wants to snoop on it.)

 

I am probably going to buy a ReadyNas 204 instead of a 104 and use the current 104 as Cloud server.

 

The map would be

 

PC - ReadyNas 204 (no cloud) - USB backup drive (ejects automatically after backup)

PC - ReadyNas 104 (with Cloud) - Windows app to synchronize the cloud.

 

It would be nice to have an rsync between the ReadyNas 204 (no cloud) and the ReadyNas 104 (with Cloud), but in such a way that if the 104 gets compromised by the cryptolocker it cannot proceed automatically to the 204.

 

Any ideas?

Message 1 of 3

Accepted Solutions
StephenB
Guru

Re: How to protect from Cryptolocker?

First of all, Cryptolocker has been dead for about 15 months now.  In June of 2014 the botnet driving Cryptolocker was shut down, and by August 2014 two security firms managed to reverse-engineer the decryption, so affected users could recover their files (https://en.wikipedia.org/wiki/Operation_Tovar).

 

Synology NAS were hit with a different ransomware, called SynLocker which struck in August 2014 (shortly after Cryptolocker was taken out).  The security bug that SynLocker exploited had already been fixed by Synology in December 2013 (https://redmondmag.com/articles/2014/08/07/ransomware-targeting-synology-nas-servers.aspx).

 

Therefore your specific threat is no longer a problem.  The broader one (how to protect from the next bad stuff) is not.

 

Part of the answer to "how to protect..." is to keep up on your firmware updates, particularly ones that include security fixes. If all the Synology customers had done that, they would have been fine.  Since Netgear often releases security patches as "beta" initially, you should keep an eye on the forum here for beta releases, and consider taking ones that have security fixes in their release notes.

 

Another aspect is basic security practices.  Don't put the NAS in the DMZ of your router.  Don't expose services you don't use to the internet.  Use protocols that are encrypted (e.g., ftps instead of ftp, https instead of http).  Also use strong passwords, since encryption buys you nothing if the passwords are easy to crack.

 

ReadyCloud does present a quandary.  Netgear clearly does care about security, but the ReadyCloud website uses http, not https.  Current information on the VPN core encryption/key exchange isn't available.  So deciding to use it does require accepting some security risks (and living with some unknowns).

 

Attempting to isolate your backup NAS probably won't help much in mitigating the risks.  Malware could still spread from the main NAS to the backup, when the backup is run.  And frankly the bigger threat is that your personal information will be silently stolen, not destroyed or held for ransom.

 

So what would help?  Well, you could choose not to use it.  OpenVPN is available on many routers (including Netgear), and that does provide an encrypted and secure way for you to access your data.  It's not as well suited to controlled sharing with friends; it is more of an all-or-nothing kind of thing.  OwnCloud is also an option though - and that provides features similar to ReadyCloud.  And OwnCloud has published a security document, and also published security advisories.

 

Or you could choose to use it anyway, and either keep your sensitive information off the NAS altogether, or put it into encrypted containers. An Encrypted VHD (Microsoft virtual disk) would work; it uses client-side encryption so getting the VHD file from the NAS doesn't help the bad guys.

Message 2 of 3
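
The accepted answer notes that malware could still spread from the main NAS to the backup when the backup is run. One defender-side check for that risk, as an added example that is not part of the original thread or of any Netgear tool: a pre-backup guard that refuses to run the copy when a canary file has changed or an unusually large share of files differs from the last good snapshot. The function names, the canary file name and the 25% threshold are assumptions chosen for illustration, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large NAS files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup_allowed(previous, current, canaries, max_changed=0.25):
    """Return (ok, reason); refuse if a canary differs or too many files changed."""
    for name in canaries:
        if name not in previous or current.get(name) != previous[name]:
            return False, f"canary changed or missing: {name}"
    # A renamed or deleted file counts as changed: it is absent from `current`.
    changed = sum(1 for n, digest in previous.items() if current.get(n) != digest)
    if previous and changed / len(previous) > max_changed:
        return False, f"{changed}/{len(previous)} files changed or missing"
    return True, "ok"

def demo():
    """Constructed sample tree: one normal edit, then a bulk overwrite, then a canary hit."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(8):
            (root / f"doc{i}.txt").write_text(f"constructed sample {i}")
        (root / "000_canary.txt").write_text("never edited by the user")
        canaries = ["000_canary.txt"]
        before = snapshot(root)
        (root / "doc0.txt").write_text("ordinary edit")
        normal = backup_allowed(before, snapshot(root), canaries)
        for p in root.glob("doc*.txt"):  # stand-in for files rewritten in bulk
            p.write_bytes(os.urandom(64))
        bulk = backup_allowed(before, snapshot(root), canaries)
        (root / "000_canary.txt").write_bytes(os.urandom(16))
        hit = backup_allowed(before, snapshot(root), canaries)
        return normal, bulk, hit

if __name__ == "__main__":
    print(demo())
```

Such a guard would run before the backup job starts, with the previous snapshot stored somewhere the source NAS cannot write to; on refusal the existing backup is left untouched for manual review.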

obaeyens
Aspirant

Re: How to protect from Cryptolocker?

This is one great response.

Message 3 of 3