Until now, users of NAS systems have felt relatively safe from intrusion into these very systems. The OSs are largely sealed off and access via the LAN is difficult.

This has ended with the advent of Deadbolt on QNAP at the latest.
Now a second manufacturer is affected with Asustor.
Whether it will stay that way is questionable. It is rather to be feared that other manufacturers like Synology will soon face similar problems.

Everyone who uses a NAS is therefore advised to check the security of his system thoroughly, to close ports that are not needed, to use other ports than the standard ones and to rather do without online services (e.g. remote manager ...) of the manufacturer. And , of course, backup the NAS.

https://www.qnap.com/en/security-ne...ble-version-fight-against-ransomware-together

https://nascompares.com/2022/02/21/asustor-nas-drives-getting-hit-by-deadbolt-ransomware/

 

Yikes. Im running Synology and have to admit that my security is lax, at best.

 

I have a QNAP and I was hit by deadbolt. Fortunately I had 99% backed up (still bummed by the files I did lose though).
Many advise about keeping the NAS off the internet entirely but for me, that defeats the purpose of even having a NAS in the first place so I rely on a solid backup plan and put in place as many of recommend security settings advised.
I'll tell you, it's a shocker when it happens...I felt violated!

 

I can imagine that. It's like someone breaking into your apartment. But ransoming is even more disgusting.

 

people who do this are just digital scum. spreading digital diseases and nothing to destroy other important data welcome to the internet cancer

 

mine too rather lax... but since the NAS manufacturers all use very similar software I did the least I could do today. Changed standard ports (5000) for SMB.
The only port still open to the outside is 21(ftp). I use synology as well, there you can e.g. block access when there too many incorrect login attempts.
Next thing to do is hardening built-in firewall.

 

Personally, I have always treated those who massively distribute ransomware to ordinary users with disdain. It's one thing to spend a year penetrating the network of a huge corporation and hitting their internal network, and quite another thing is to perform primitive mass user attacks. By the way, last year, one of the authors of such malicious software, who sold it by subscription to petty crooks who infect the computers of ordinary people, reported that he was overtaken by karma. He was diagnosed with stage 4 cancer. At that time(20+ years ago) he was 17 years old. I remember a time when cybercriminals followed certain ethics. It makes me sad to see how this scene has deteriorated.