Protecting NAS from malware

Do you use NAS for backup? We’ll tell you how to protect it from new threats

Users can be divided into two categories: those who still don’t make backups, and those who already do. When a hard drive burnout or some nasty ransomware suddenly destroys your important files, the wisdom of hindsight suddenly hits you — but sorting out backups is only half the battle. The other half is about protecting your home data center from malware, which has already begun to go after such systems.

Malware targets NAS

Movies and TV shows on your laptop or PC, heart-warming holiday pics on your smartphone, work documents, and personal correspondence — sooner or later most users decide to move their digital possessions to a single secure location to keep them safe from the evil world outside.

For many people, network-attached storage (NAS) is the ideal solution for storage and security; it operates on a “set and forget” principle. These small boxes can already be heard humming in hundreds of thousands of homes, swapping data between home devices and backing it up at the same time.

Unfortunately, the more popular the NAS, the more often it lands in the crosshairs of cybercriminals. We don’t need to look very far for examples — after May 2017’s WannaCry epidemic even people who don’t care much about information security got to know about ransomware. Such malware can already penetrate network drives, and some types are even specially developed with NAS devices in mind.

For example, just a few days ago, news broke about a new ransomware by the name of StorageCrypt, which attacks NAS devices through the SambaCry vulnerability and encrypts files on them, after which it demands the tidy sum of 0.4 or 2 bitcoin for decryption (at the current rate, about $6,400 or $32,000, respectively). StorageCrypt has already left quite a few users without their backups.

By the way, the same SambaCry vulnerability can be used to populate devices with all sorts of infections: spyware, programs for DDoS attacks, cryptocurrency miners, and so forth. But luckily, in most cases, you can avert problems by properly configuring your NAS.

How to configure your NAS

If data security is a priority, you may want to consider giving up some ease of use in favor of keeping files safe. We’ve posted before about what you need to focus on when creating your backup system. In short, isolating the storage from external connections — so it can’t be accessed from the Internet — is key. Sure, it’s convenient to hook up to your media library when out and about (so modern!), but you’re not the only one who finds it convenient.

The right way to make backups

Cybercriminals use special search engines that automatically scan the Internet for open network ports. For example, it happens that almost half a million devices are vulnerable to the infamous StorageCrypt. What other infections are lurking out there, and which security holes they’ll jump through into your home, no one knows.

Do you want your data to be securely protected from StorageCrypt and its potential offspring? If so, take a look at our NAS setup tips:

  1. Disable online access to files in the NAS’s settings (leaving local network access only). StorageCrypt spreads over the Internet through a vulnerability in the SMB protocol. Keeping your NAS disconnected from the Internet minimizes its chances of getting infected.
  2. Improve the level of NAS protection further by disabling the vulnerable SMB protocol. Usability might take a nosedive, so this one’s up to you. But with SMB disabled, your NAS won’t get encrypted by malware like WannaCry, which launches attacks from local networks. Your NAS’s user guide should include instructions for disabling SMB.
  3. Update NAS firmware regularly. Vendors do their best to patch the most serious vulnerabilities and keep almost their entire device range up to date.
  4. Close outward-facing network ports 139 and 445 on your router. (If you have a NAS, you’re sure to have a router to manage your home network.) Those are the ports used by StorageCrypt-style attacks. You can read about network ports here, and your router user guide will tell you how to close them.

One last thing: Make sure to install a reliable security solution on every home network device to protect your NAS against malware penetrating from within the network.