NAS server

Protect your NAS from ransomware like eCh0raix

2019-07-27 update: It is happening on the synologies too right now. Follow the guide below to protect yourself from the attack!

Have you heard the news?

A new ransomware is alive and kicking and is targeting all QNAPs it can find on it’s path.

Yes, I know, this is a synology blog and the ransomware mentioned above is for QNAPs but no long ago, the same thing happened to Synologies, and this acts as a great reminder to take security of your NAS devices seriously.

In this post, I will remind you of the minimum security settings that you MUST configure on your NAS to keep hackers away, or at the very least, discourage them from attacking just your NAS.

What is a ransomware?

Ransomware is a piece of software — malware — which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware.

What is eCh0raix?

eCh0raix is a new ransomwsare active right now on the internet, that targets QNAP NASes that have weak passwords or old operating systems. In other words, the easiest kind of attack and one you can prevent easily.

DON’T make it easy for hackers to get your data!! If they want it, make them work hard to get it.

My own rule on security.

How can you protect your NAS from this attacks?

There are a lot ways to do this, and I am going to show you the most important:

  1. Keep your DSM up to date. ALWAYS!! This one is a no-brainer, takes zero effort to do (you can have your synology update itself when a new update comes) and it will protect your from the most basic forms of ransomware.
  2. Another no-brainer: Stay away from weak passwords. Synology has a feature where you can enforce strong passwords for all, do that!
  3. Another duh-tip: disable your admin and guest account. With those enabled, you are giving 50% of your login to your hackers.
  4. Install 2-step authentication: “One apple a day, will keep your doctor away”–kind of solution 😉
  5. Have a great backup plan for your data, so you can always recover it if your data gets hacked. If there is something that Synology is great at, is actually backups.
  6. Give read only access to your backup folders.

And some recommendations from Synology themselves:

  • Enable Auto Block in Control Panel and run Security Advisor to make sure there is no weak password in the system.
  • Enable Firewall in Control Panel, and only allow public ports for services that are necessary.

There are obviously more things you can do to protect your NAS, but if I add them all, you probably will do non, overwhelmed by all the options.

Do this NOW, thank me later.

Ok, now open your NAS and at a minimum do: 1,2,3 and 4.

Do it NOW, don’t wait to coffee break, or that phone call or anything else. It takes, 5-10 min. You can thank me later.

Have a great ramsoware-free day!!

2 thoughts on “Protect your NAS from ransomware like eCh0raix

  1. “Give read only access to your backup folders.”

    What do you precisely mean with that?

    If I remove write permissions on the Time Machine folder, no new backups can be stored. I also cannot tell Synology to only allow writing into the directory of the latest backup but read only for all previous backup dirs.
    Could you elaborate an optimal setup for Time Machine with multiple machines? At least each machine should connect to Synology with its own user, so that a compromised machine cannot destroy another ones backups.

    1. Sorry, I meant give read only access to all users except one account that will do the backup.
      I don’t use time machine, so I don’t have any good recommendations on how to do backups with it.
      /Ruth

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.