I'm wondering how network shares are accessed via ransomware programs.
I read that both DMA Locker and Cerber are now sophisticated enough to also encrypt any network share, even if not mapped to a drive letter on the infected PC. So to me, it's as if the programs are just browsing the network and accessing any open network share.
I have a NAS, where I keep a copy of my nightly PC backup. That NAS has the ability to hide the share. The only way to access the share is if you browser to the device name or IP and share name directly. But since this info pops up when you type in Windows Explorer, it's obviously stored in the Windows registry. When I browse the network however, and look at the NAS, no shares are shown.
Does this simple step help keep the share safe, or is there a much deeper method that ransomware will use to find network shares, even if not visible through browsing the network?
Additionally, if you add credentials to a network share, and those credentials are stored by the backup program, could those credentials be easily hacked by the ransomware for access to the share, or are these darn malware programs that smart?