
NAS 353

Mitigating Ransomware Risks

Mitigate ransomware and malware risks

2021-02-26

COURSE OBJECTIVES

Upon completion of this course you should be able to:

1. Mitigate ransomware and malware risks

2. Disable unneeded and unnecessary services


PREREQUISITES

Course Prerequisites:

N/A

Students are expected to have a working knowledge of:

N/A

OUTLINE

1. What is Ransomware?

2. Prevention is better than regret.

2.1 Mitigating the Risk

2.2 Protection on Desktops

3. Reacting to a Ransomware Attack


1. What is Ransomware?

Ransomware is malicious software which encrypts your files and holds them for financial ransom. You’ll have to pay money to get data back and there is no guarantee a ransomware developer will honor their commitment after payment.

2. Prevention is better than regret.

The best way to ensure data security is to prevent attacks from taking hold in the first place. Keeping good backups is key to maintaining immunity from ransomware attacks and saving time and money. None of what is described in this article guarantees data restoration in the event of a malware attack and all data protection strategies carry a degree of risk. More strategies adopted means lower risk, but your mileage and situation may vary.


2.1 Mitigating the Risk

1. Changing Default Administrator Account Settings

1.1 Use a strong password and disable main Administrator account:

Strong passwords are often neglected, which allows unauthorized parties to easily guess the password and inject code. ASUSTOR recommends changing your passwords regularly. Passwords should be at least eight characters long with a mixture of upper case and lower case letters, numbers, and punctuation. The account named Admin should be disabled and a new admin account with a different name should be created in its place.


1.2 To change your password in ADM, click the administrator account in Access Control and press Edit.

1.3 To disable the admin account entirely, first create a new admin account with a different name by clicking Add in Access Control. Sign in to the new admin account, go to Access Control, select the original admin account, click Edit, then click Disable this account.



2. Ensure ADM is Up-To-Date

2.1 ASUSTOR maintains its ADM operating system for ASUSTOR NAS devices. Updates come out for ADM on a regular basis, adding new features and fixing vulnerabilities. Remaining secure means always keeping your ASUSTOR NAS operating system and apps up to date.

2.2 To update ADM, click ADM Update in Settings. Press Update Now to update the OS to the latest version if ADM is not up to date.

3. Turn on ADM Defender

3.1 Enable the Automatic blacklist to block repeated unauthorized login attempts. If a client’s IP address fails to log in a number of times within a certain period of time, ADM blocks that IP address, and the block can only be reversed by an authorized user.
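The sliding-window logic behind this kind of automatic blacklist, as an added illustration (not ADM's code). The log format, the threshold of 5 failures and the 10-minute window are assumptions; the article does not state ADM's values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the format is hypothetical, not ADM's real log format.
SAMPLE_LOG = """\
2021-02-26 10:00:01 login FAIL user=admin ip=203.0.113.7
2021-02-26 10:00:05 login FAIL user=admin ip=203.0.113.7
2021-02-26 10:00:09 login OK user=alice ip=192.168.1.20
2021-02-26 10:00:12 login FAIL user=root ip=203.0.113.7
2021-02-26 10:03:00 login FAIL user=alice ip=192.168.1.20
2021-02-26 10:04:30 login FAIL user=admin ip=203.0.113.7
2021-02-26 10:04:31 login FAIL user=admin ip=203.0.113.7
2021-02-26 10:30:00 login FAIL user=bob ip=198.51.100.9
2021-02-26 11:30:00 login FAIL user=bob ip=198.51.100.9
"""


def blocked_ips(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time_blocked} for clients with max_failures failures inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[2] != "login":
            continue  # not a login record
        when = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
        ip = fields.get("ip")
        # Successful logins are ignored rather than resetting the counter (assumption).
        if ip is None or ip in blocked or parts[3] != "FAIL":
            continue
        failures = recent[ip]
        failures.append(when)
        # Forget failures that have aged out of the window.
        while failures and when - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = when  # stays blocked until an administrator removes it
    return blocked


if __name__ == "__main__":
    for ip, when in blocked_ips(SAMPLE_LOG).items():
        print(f"{ip} blocked at {when}")
```

A single mistyped password (192.168.1.20) or two failures an hour apart (198.51.100.9) never reach the threshold, which is why the window matters as much as the count.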

4. Disabling Unnecessary Services

4.1 If SSH and SFTP are not needed, they should be disabled. They can be enabled when needed. SFTP is needed for ASUSTOR EZ Connect. SSH is not often needed by most customers.

If remote use is required, set only the ports that you need and whitelist only the devices that are supposed to connect. Set your NAS to deny connections from unknown devices.

5. Avoid Using Preset Ports

5.1 Leaving ports at their default values removes a layer of security; changing them adds guesswork and frustrates attempts to gain access to an ASUSTOR NAS. Ports 8000 and 8001 are the defaults for the main ADM web UI and are a possible entry point if the port number is known.
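To verify items 4 and 5 from another machine on your own network, this added check (not ASUSTOR code) reports which default ports on the NAS still answer. Ports 8000 and 8001 come from this article; port 22 for SSH/SFTP and the address 192.168.1.50 are assumptions.

```python
import socket
import sys

# 8000 and 8001 are the ADM web UI defaults named in this article.
# 22 as the SSH/SFTP port is an assumption; change it to match your NAS.
DEFAULT_PORTS = {8000: "ADM web UI", 8001: "ADM web UI", 22: "SSH/SFTP"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered' (no answer)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # nothing is listening: service disabled or port moved
    except OSError:
        return "filtered"    # timed out or unreachable: a firewall rule dropped it
    finally:
        sock.close()


def audit(host, ports=DEFAULT_PORTS, timeout=2.0):
    """Return {port: state} for every port in `ports`."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def findings(results, ports=DEFAULT_PORTS):
    """Turn probe results into the review items from sections 4 and 5."""
    out = []
    for port, state in results.items():
        if state == "open":
            out.append(f"{ports[port]} answers on default port {port}: "
                       "disable it if unused, or move it off the default")
    return out


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.50"  # hypothetical NAS address
    results = audit(host)
    for port, state in results.items():
        print(f"{host}:{port} {state}")
    for item in findings(results):
        print("REVIEW:", item)
```

Run it once from an allowed device and once from a device that is not on the whitelist; the second run should show every port as closed or filtered.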

6. Securing your NAS with an HTTPS Certificate

6.1 If you decide to connect to your NAS remotely from a free Wi-Fi network or public computer, ensure that your NAS is secured with a valid HTTPS certificate. Instructions for setting up HTTP Secure on your NAS can be found here. HTTPS helps prevent attackers from sniffing passwords over a network and encrypts the data on a web page and personal information such as passwords. Only the website domain name is visible while content and pages are not.


2.2 Protection on Desktops

1. Avoid Browsing Unknown Websites

1.1 Some websites may contain links that invite downloads of malicious software. Please exercise caution when visiting unknown websites.

2. Protecting Against Desktop Ransomware

2.1 Some forms of ransomware found on PCs are able to infect files stored on a NAS, including files on SMB shares and iSCSI drives. To mitigate the risk of your computer infecting files on your NAS:

  • Keep SMB shares and iSCSI drives disconnected, with no passwords saved on your PC, and connect to them only by using the NAS’s share name.
  • Ensure that your NAS has Btrfs enabled and take snapshots of your data regularly.
  • Back up important data to a MyArchive drive and store it away from a network.
  • Have your NAS hibernate or remain off when not in use.


Back Up. Back Up. Back Up.

3. Build up multiple backups:

The best protection for your data is to back up files periodically. Provided that all the steps are taken, if an attack is successful, some or all data is likely to be easily restored. The 3-2-1 backup rule is a good rule of thumb in practicing data safety.

  • At least three copies of data.
  • Stored in two different types of storage spaces.
  • At least one backup on an offsite location.

ASUSTOR NAS devices provide a myriad of options for backups and data safety. Several are listed below:

  • Backups to public cloud providers, including, but not limited to, Dropbox, Google Drive, and Microsoft OneDrive through DataSync Center.
  • MyArchive cold storage drives
  • Owning multiple NAS devices where one is a main NAS and the other is a backup.
  • External storage backups
  • Btrfs snapshots

ASUSTOR’s MyArchive cold storage technology makes backing up easy. Manually copy and back up information to a hot swappable MyArchive drive and place it in a location away from the NAS. MyArchive drives can also be encrypted to prevent data theft in the event a drive is stolen.


Snapshot Center lets you create snapshots automatically or manually. If data is corrupt, or infected by ransomware, Snapshot Center is able to quickly restore data to a previous uninfected version as it keeps tabs on file modifications.


3. Reacting to a Ransomware Attack

If you find yourself experiencing a ransomware infection, disable Wi-Fi or disconnect your WAN cable to ensure that you are disconnected from the Internet. On an uninfected PC, check to see if NAS files are infected; if not, then attempt to roll back data in Snapshot Center to a previous version.

1. Disable Wi-Fi or pull out the Ethernet cable.

2. Delete suspected infected files. Take care to avoid deleting backups.

3. Attempt restoration of files by rolling back modifications in Snapshot Center.





