Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NAS box and cryptolocker


  • Please log in to reply
4 replies to this topic

#1 punkboy15

punkboy15

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 28 January 2015 - 09:00 AM

I have a question about securing my NAS box from crypto ransomware.  I know that many of them will encrypt any mapped drive on the computer so none of the computers that backup to the nas have a network map for it.  The backup software uses the ip address to get to the NAS for backups.  I still would like users to be able to see the files on the NAS box from each PC easily.  I believe I have to possible solutions but wanted feedback from other people.

 

The first option is to just make an internet shortcut to the NAS box webbased OS.  The issue I have with this is it gives users access to all of the settings on the NAS box.  It is only three other users that would access it but the less people that can make changes the better.

 

The second option is to make a shortcut on the desktop to the shared folder.  This is technically not a mapped drive but I do not know if any of the ransomware programs would be able to access it. 

 

 

 

Any feedback would be appreciated. 



BC AdBot (Login to Remove)

 


#2 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:11:47 AM

Posted 28 January 2015 - 10:50 AM

Personally, I would never consider a drive that is electrically connected to an Internet-going computer to be secure from ransomware such as a cryptolocker.

 

I have a NAS box and it is mapped by way of a drive letter, and what I do to protect it is to have a computer that I use to "pull" the files from it to back it up.  This second machine is never connected to the Internet.  So the backup computer gets connected to the NAS, I back the files up from the NAS onto the backup computer, then power the backup laptop down again afterwards and remove it.

 

That way, I can always restore the files should they get damaged by drive failure / encrypting malware, or whatever.

 

Please note that I said "a cryptolocker" because the original Cryptolocker is now well dead, but there are plenty of others out there now.  The word seems to have become a generic umbrella term for encrypting ransomware, and that's why I used that phrase.

 

(Edit: Correct minor mistakes)


Edited by Angoid, 28 January 2015 - 10:53 AM.

Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#3 punkboy15

punkboy15
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:47 AM

Posted 28 January 2015 - 12:35 PM

Unfortunately this is a 22TB nas box so backing up to another computer and keeping it offline is not an option.  I would like to unplug it after each backup but I know the people who will be using it will not do that on a consistent basis.  

 

Another idea I had was designating an unused computer strictly just for backup.  I would map network drives on that computer for all the other computers then have the unused computer send it to the NAS box.  I would make the unused computer user have write access to the NAS and all the other computers only get read access. 



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:47 AM

Posted 28 January 2015 - 03:45 PM

Do you need to be able to write to documents on the NAS? Or is it mainly an archive to read?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:11:47 AM

Posted 30 January 2015 - 07:43 AM

22TB?  This must be in a corporate environment, yes?  I can't see many home users needing that kind of capacity at this point in time (although I'm sure the time will come, like the time did when home users needed more than 640K memory).

 

It is imperative that some kind of offline backup is employed.

 

One solution would be to purchase another 22TB NAS and connect that to the designated backup computer.  Appreciate that this could be expensive, but you have to weigh that against the cost of losing your data on the NAS to a drive failure or a piece of encrypting malware.

 

When the time comes to back up the live NAS, connect the backup computer to it (or a router connected to it, whatever) and pull the backups to the backup NAS.

Once the backup has been completed, electrically disconnect the backup computer from the live NAS box.

The backup computer should only ever have read access to the live NAS, but read/write access to the backup NAS.

 

The thing about protecting yourself against encrypting malware is that the malware cannot bridge an airgap.  If there is any way at all to circumvent software restrictions, they will find it.  Remember that you're trying to safeguard here against crackshot coders that work for organised criminal rings and you have to take as many prisoners as they do.

 

Edit: Correct typos


Edited by Angoid, 30 January 2015 - 07:47 AM.

Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users