Is a Synology NAS in my home protected from Ransomware?


G+_Todd Nielsen

Not necessarily, but it depends on how you use it. If you have shares open to the network or mapped to a drive on a computer, it's vulnerable. On the other hand, it may also be saving multiple versions of each file which would help with recovery.

Link to comment

Ben Reese, yep, ransom encryption will go after any drive on the computer or mapped to a drive. Keep versioning backups; you can use Hyper Backup to do this on the NAS to an external drive attached to the NAS. Do not use the external drive as a network drive, just as backup. Also, restricting permissions will help limit an attack. Not sure if Synology offers an alert if it sees mass file changes so you can stop an attack.

Link to comment

Todd Nielsen, the only real protection is file versioning backups that aren't exposed to the infected computer's filesystem.

Things like Carbonite and CrashPlan fit the bill. I think CrashPlan can be integrated into some Synology NASes.

Link to comment

Ben Tyger, Synology has CrashPlan through a secondary package site. However, the Hyper Backup that is from Synology can do versioning to a local USB, network or cloud destination. I use it with both a USB drive connected to the NAS for frequent backups and Amazon Drive once a week for remote backup.

Link to comment

Travis Hershberger, OK, maybe my knowledge is out of date, but I was told when you set up Windows you set up an admin account, but your next step should be to set up a user account specifically because of ransomware. The reason is that as a user you do not have access to Windows full disk encryption, which many of the early ransomware were using, so if you stay logged on to your user account, any nasty thing that gets into your system that attempts to encrypt your disk won't have access. The reason early ransomware was able to hit you was because many users were simply logging on to the default account made when Windows was set up; they did not have account privileges locked down.

So have things changed?

This is what Leo and Steve said: never do daily tasks under a full privileged default account, because when that account is active "logged in" anything nasty can change settings in Windows.

As a user, software simply cannot install by default and core functions "like the full disk encryption subsystem" are locked out.

Perhaps I misunderstood how ransomware works, as you seem to be referring to per-file encryption, maybe done by a downloaded program rather than Windows' own built-in capability?

If I am full of "you know what" please correct my misunderstanding.

I've never done system administration; I've always been responsible for equipment rather than users.

Link to comment

Tod Sage in general it's best to run as a restricted user, but just running as a restricted user doesn't protect you. For most people, losing documents, photos, and home videos would be far worse than losing a Windows installation. If my C-Drive was hit by ransomware it would be bad, but if a NAS or external drive with all my photos from the last 15 years was hit, it would be devastating (assuming no good, recent backup). I can reinstall Windows in a couple hours, but memories can't be replaced.

Link to comment

Tod Sage, most ransomware runs in the context of the user that got infected. Even if it can't access system files, all of the user's personal files are possible targets.

Also, I wouldn't rely on using unmapped Windows shares as 'protection' against it spreading. I've seen more than enough programs that don't work well over remote share paths and need user-mapped drives. Also, if you have a less skilled computer user, mapped drives are often a necessity. So then ransomware can easily spread between machine and storage device.

Link to comment

Tod Sage, ransomware targets raw files in the filesystem. If a file is in the (virtual) filesystem and is writable by that infected user, it can be a target for ransomware.

Backup systems that don't expose backup files to the infected machines can't be targeted. Also make sure you use versioning backups. Versioned backups are when you keep a backup of the file every time it changes. Some ransomware will purposely try to overwrite the file several times to try to infect the backup history of a file. That's why it is important to keep an infinite / long backup file history.

Link to comment
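The point in the post above about backup history being flushed by repeated overwrites can be checked with a small simulation. This is an added example, not part of the thread; the two retention policies and the timeline are constructed assumptions and do not model how Hyper Backup or CrashPlan actually prune versions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Version:
    saved_at: datetime
    clean: bool  # False = written after infection (constructed label for the demo)

def prune_by_count(history, keep_last):
    """Count-capped retention: only the newest `keep_last` versions survive."""
    return sorted(history, key=lambda v: v.saved_at)[-keep_last:]

def prune_by_age(history, now, keep_days):
    """Time-based retention: every version newer than `keep_days` survives."""
    cutoff = now - timedelta(days=keep_days)
    return [v for v in history if v.saved_at >= cutoff]

def newest_clean(versions):
    """Return the most recent restorable (clean) version, or None."""
    clean = [v for v in versions if v.clean]
    return max(clean, key=lambda v: v.saved_at) if clean else None

def build_history(overwrites):
    """Constructed timeline: 5 weekly clean saves, then a burst of bad writes."""
    start = datetime(2024, 1, 1, 9, 0)
    history = [Version(start + timedelta(weeks=i), True) for i in range(5)]
    infection = start + timedelta(weeks=4, hours=3)
    history += [Version(infection + timedelta(seconds=i), False)
                for i in range(overwrites)]
    return history, infection + timedelta(seconds=overwrites)

def survives(overwrites, keep_last=None, keep_days=None):
    """True if a clean version is still in the backup after pruning."""
    history, now = build_history(overwrites)
    if keep_last is not None:
        kept = prune_by_count(history, keep_last)
    else:
        kept = prune_by_age(history, now, keep_days)
    return newest_clean(kept) is not None

if __name__ == "__main__":
    # Columns: overwrites, keep-last-10 result, keep-30-days result
    for n in (3, 10, 50):
        print(n, survives(n, keep_last=10), survives(n, keep_days=30))
```

With a cap of 10 versions, the clean copy is gone as soon as the file has been rewritten 10 times, while age-based retention still holds it regardless of how many rewrites occurred.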

I've worked on arrays of two drives in a PC tower to robotic drive picker systems with redundant controllers, power supplies, RAM, cache RAM, cooling systems, Bernoulli drives, magneto-optical drives, solid state. Lots of hardware, but I've never actually managed any of them.

I get most of the basic concepts but few of the finer details and none of the skill of doing that management.

I can console a Cisco device with physical access, drill down and copy the encrypted password and paste it back in to gain access and change it but never know what the old password was, but I couldn't meaningfully modify a VLAN because I only get the concept but not the interface terminology or language.

The irony of a hardware guy.

Link to comment

Tod Sage, here's a better explanation of 3-2-1. carbonite.com - What is 3-2-1 backup? I'm not pushing Carbonite. It is just a good explanation.

Another aspect of backups is that you need to make it as friction-free as possible. As soon as things get bothersome, backups get pushed off or forgotten. For me, with a family of 7, I don't have time to be messing with really anything. That's why I use CrashPlan to push to the cloud and do a local backup. I'm willing to pay the ~13/month for the family plan so I don't have to manage pull/push scripts to aggregate all my data to a single backup system. I just put CrashPlan software on every system I need to protect.

Link to comment

I run Allway Sync in the background to sync a one-way copy of the backup files over to the NAS drive once a day. If I get nailed with ransomware, odds are it won't be the few minutes before a sync happens. That way I can simply pull the drives off the NAS and use the untouched restore files.

Link to comment

No.. To be honest I just have my TiVo shows that I edit through KMTTG stored on 2 of my NAS drives. The other 2 are networked but not mapped. But they are only accessed at 2300 hours at night to act as a backup of my System image, OS disk and files disk.

Link to comment