If you think that leaving your My Cloud NAS devices connected to the internet is a good idea, think again. It’s only a matter of time, and RAID won’t protect you. If you don’t have external (isolated) backups, now is the time to create them, before it’s too late.
The number of ransomware strains targeting NAS and backup storage devices is growing, with users “unprepared” for the threat, researchers say.
Devices may be accessed directly through a network or may have a web interface. The problem, Kaspersky says, is that user authentication can sometimes be bypassed due to integrated software in NAS systems that have vulnerabilities.
Ransomware developers have realized this, and while there was little evidence of NAS devices being targeted in 2018, this year, a range of new ransomware families have emerged with NAS-exploit capabilities.
To begin an attack chain, operators will first perform a scan of a range of IP addresses to find NAS devices that are accessible via the Internet. Exploits of unpatched vulnerabilities are then attempted, and if successful, Trojans will be deployed and data encryption of all devices connected to the NAS drive begins.
Wipers have also become a more frequent attack tool. Like ransomware, such programs rename files and make ransom demands. But these Trojans irreversibly ruin the file contents (replacing them with zeros or random bytes), so even if the victim pays up, the original files are lost.
Network attacks are still widespread. This quarter, as in previous ones, we registered numerous attempts to exploit vulnerabilities in the SMB protocol. This indicates that unprotected and not-updated systems are still at high risk of infection in attacks that deploy EternalBlue, EternalRomance, and other exploits.