Ransomware access to USB device

My Cloud OS 3 Personal & Network Attached Storage My Cloud
1

I use the USB device to hold a Safepoint for the computer backup files I create on the MC shares. If I turn off all access for the computer accounts to the Safepoint share I’m hoping if ransomware runs from a user account on the computer, it will not be able to encrypt folders on the Safepoint share.

Is this reasonable or is there still an attack vector?

Should the MC admin account also have no share access to the Safepoint or is that the mechanism WD uses to update the Safepoint?

2

A lot will depend on how the ransomware program is designed. Technically anything connected to an infected computer or device is potentially at risk. This includes mapped drives/Shares. There apparently is some ransomware that has gone after NAS drives. See the following link for one article that discusses the issue with Synology NAS devices.

https://redmondmag.com/articles/2014/08/07/ransomware-targeting-synology-nas-servers.aspx

The main thing to do is prevent the intrusion/malware from reaching the local network/computer in the first place. This includes good surfing habits, i.e., avoid surfing porn sites, opening spam emails, having good antivirus/security software that scans on a regular (or daily) basis, ensuring all computers and network devices are updated to the latest versions/firmware.

Password protecting a Share may not prevent an infection from an already infected PC that has that Share mapped. The better option is to lock down the My Cloud by setting a Share to Read Only access or No Access, turning off SSH and FTP and requiring a password to access the Dashboard. Obviously using strong passwords is also needed to prevent other methods of attack on the NAS.

3

Thank you for the reminder about SSH and FTP access to the device. I recall using SSH for some experimentation in the past and left it enabled. I had already covered the Safepoint share access by setting all user accounts to No Access. Dashboard access is password protected.

I didn’t see an explicit response to the question about the MC admin account and its share permission on the Safepoint share. I suppose its easy enough to test by setting it to No Access and see if a Safepoint update still works.