Ransomware attacks on NAS devices are a well-known occurrence, and the reasons behind them are clear. First, NAS devices usually store data that is critical for individuals and organizations. Second, NAS systems are designed to hold and manage significant amounts of data. Third, the NAS market is substantial and rapidly expanding, with an estimated revenue of $25.08 billion in 2021, projected to reach $91.23 billion by 2028, with a Compound Annual Growth Rate (CAGR) of 20.3% for the forecast period.
NAS devices are a popular target for ransomware attacks due to the critical data that is often stored on them, as well as the fact that they typically store large amounts of data. In addition, because NAS devices run on Linux operating systems, malware that was written for servers can be easily ported to these devices.
However, many users of NAS devices assume that their storage systems are secure, so they neglect to change default passwords or they expose their devices to the broader internet, making them soft targets for attacks across consumer, SMB, and enterprise markets. Despite this, there are few ransomware security solutions available for NAS devices.
Over the last three years, there have been several high-profile attacks against NAS devices, resulting in millions of dollars in damages and ransom payments. These attacks have included a campaign against QNAP devices followed by a subsequent campaign against ASUSTOR devices in February 2022, both perpetrated by the Deadbolt family of ransomware. In February 2023, a critical CVE was released for QNAP NAS devices, leaving them vulnerable to further exploitation by Deadbolt campaigns.
NAS devices are frequently targeted by ransomware attacks because they often store critical and large amounts of data, making them attractive targets. Additionally, NAS devices run on Linux operating systems, which makes them susceptible to malware written for servers. Unfortunately, few ransomware security solutions are available for NAS devices. In recent years, there have been several high-profile attacks against NAS devices, including the Deadbolt family of ransomware targeting QNAP and ASUSTOR devices.
Despite the risks, many users fail to adopt prevention strategies due to a lack of awareness or technical ability. Cyber hygiene is crucial to combating the growing threat of ransomware attacks on NAS devices. A few basic measures can be taken, such as making sure vulnerable devices are not exposed to the public internet, regularly updating systems and firmware, adjusting firewall rules, and implementing strong passwords.
Default administrative credentials must be replaced with strong passwords. Finally, it’s important to take inventory of all NAS devices and ensure that only those that require internet exposure are exposed, that their firewalls are appropriately configured, and that management ports such as SSH are restricted. This matters because vulnerabilities in NAS software are found quite often, leaving gaps that prevention methods such as strong passwords cannot fix.
NAS devices are frequently targeted by ransomware attacks due to the critical data stored on them and the fact that they are often exposed to the internet. Users of NAS devices tend to assume their storage systems are secure and neglect to change default passwords or adjust firewall rules, making them easy targets for attacks. There are also few ransomware security solutions available for NAS devices, which has resulted in many high-profile attacks causing millions of dollars in damages and ransom payments.
To combat this, basic cyber hygiene measures must be followed, such as protecting systems by making them inaccessible over the internet, performing regular updates, and implementing strong passwords. However, these measures may not be enough to stop attacks, particularly if there is an exploitable zero-day vulnerability. Advanced behavioral detection solutions are useful in this regard, as they can actively search for threats based on the operations a program performs.
Behavioral detection is more robust against new versions of malware than traditional signature or file scanning methods. A good solution to the ransomware problem on NAS devices should include rollback and the ability to remove malware from a system. Many NAS devices run Docker, which allows users to easily install and leverage a wide ecosystem of security software to protect their systems.
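The behavioral detection described above can be illustrated with a short added example (not code from any NAS vendor or security product): it flags a process by what it does, here writing high-entropy, ciphertext-like data to several distinct files in a short window, rather than by a file signature. The event tuple format, the thresholds, and the sample events are assumptions constructed for the illustration; legitimate compression or media jobs also produce high-entropy writes, which is why the rule counts distinct files per time window.

```python
import math
from collections import Counter, defaultdict, deque

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_processes(events, window=10.0, min_files=3, min_entropy=7.0):
    """Return PIDs that wrote high-entropy data to at least `min_files`
    distinct files within `window` seconds. Thresholds are assumptions."""
    recent = defaultdict(deque)   # pid -> (timestamp, path) of suspicious writes
    flagged = []
    for ts, pid, op, path, payload in sorted(events, key=lambda e: e[0]):
        if op != "write" or entropy(payload) < min_entropy:
            continue
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop writes older than the window
            q.popleft()
        if pid not in flagged and len({p for _, p in q}) >= min_files:
            flagged.append(pid)
    return flagged

# Constructed sample events: (timestamp_s, pid, operation, path, bytes written)
RANDOM_LIKE = bytes(range(256)) * 4        # entropy 8.0, stands in for ciphertext
TEXT = b"2023-02-01 backup ok\n" * 40      # low-entropy log text
SAMPLE_EVENTS = [
    (0.0, 210, "write", "/share/logs/backup.log", TEXT),
    (1.0, 210, "write", "/share/logs/sync.log", TEXT),
    (2.0, 210, "write", "/share/logs/smb.log", TEXT),
    (3.0, 305, "write", "/share/backup/archive.tar.gz", RANDOM_LIKE),
    (4.0, 305, "write", "/share/backup/archive.tar.gz", RANDOM_LIKE),
    (5.0, 305, "write", "/share/backup/archive.tar.gz", RANDOM_LIKE),
    (6.0, 777, "write", "/share/photos/a.jpg", RANDOM_LIKE),
    (6.5, 777, "write", "/share/docs/b.docx", RANDOM_LIKE),
    (7.0, 777, "write", "/share/docs/c.xlsx", RANDOM_LIKE),
    (8.0, 410, "write", "/share/media/x.mkv", RANDOM_LIKE),
    (40.0, 410, "write", "/share/media/y.mkv", RANDOM_LIKE),
    (80.0, 410, "write", "/share/media/z.mkv", RANDOM_LIKE),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

Only PID 777 is flagged: the log writer (210) produces low-entropy data, the archive job (305) rewrites a single file, and the media job (410) spreads its writes over more than the ten-second window.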