Ransomware continues to be the big story of the year. We see over and over how companies are targeted, their data is scrambled, and then they are forced to pay a substantial ransom to get their files back, as they didn’t have secure back-ups to restore from. It makes sense that hackers have also been targeting back-ups as much as possible to try and prevent you from being able to restore data on your own.
Recently, SC Magazine UK published a story on the discovery of ransomware that is attacking NAS devices. A NAS (Network Attached Storage) device is typically used for storing back-ups but can store other files as well. Kaspersky Lab has found that this ransomware applies advanced encryption methods, so files cannot be decrypted without a unique key. The owner of the infected device is now stuck with a locked device and a demand to pay a ransom in order to regain access to the files.
What’s unique about this type of ransomware is that it isn’t delivered by the usual phishing emails. Rather, the hacker scans a range of IP addresses looking for NAS devices accessible via the web. Even though these web interfaces are protected with authentication, several of the devices have integrated software with vulnerabilities in it. The hackers can then install a Trojan using exploits, which will encrypt all data on the devices connected to the NAS.
As an organization, how can you lessen your risk of suffering a ransomware attack? And how do you protect those all-important back-ups? In the case of protecting your NAS, you definitely want to ensure you have strong password policies in place and that you regularly patch with security updates. Kelvin Murray, senior threat research analyst at Webroot, adds, "NAS devices such as these should not be used as the only backup for an organisation. Once a machine is compromised the data on these devices is easily compromised too, so backups need to be air-gapped or have very limited and secured access." Another best practice for securing your back-ups involves keeping a copy or copies of back-ups off-site. Whether you use the old-fashioned approach of backing up to tape and storing the copies off-site, or the cloud, keeping a copy off your network will make it more difficult for a hacker to delete or encrypt. Of course, if you go the cloud route, check that your cloud provider is also using security best practices to secure your data.
If all of this seems daunting, you can always contact your trusted MSSP (Managed Security Services Provider). Your MSSP can help you decide on the best course of action when it comes to backing up and storing your data. Your MSSP can also advise you on security awareness training for staff, breach policies and monitoring your network for intrusions.