Network Attached Storage (NAS) devices can be great resources on your network when it comes to centralized storage accessible to all devices on the network. The issue is that this centralized entity may be accessed from outside the network.

This past week, QNAP NAS devices have been targeted by a .deadbolt ransomware. Owners will wake up to find their data has been locked with a .deadbolt extension and ransom demands of $1,100 in bitcoin are being made so that they may unlock their data.

Most of the QNAP devices have ports exposed to the outside network through the firewall. These ports are 8080 and 443 to allow external admin access to the QNAP device. QNAP is asking customers to also disable UPnP on myQNAPcloud.

As a standard practice with our clients, we limiting the use of NAS to just the internal network, disabling any NAT, port forwarding, or UPnP protocols, and use complex username/password combinations as another precaution.

It’s also critical to remember that firmware updates, which are issued in the form of security patches, are vital for your NAS. Although security updates will generally keep you safe, they won’t prevent zero-day exploits like this one from happening. The easiest method to protect yourself is to reduce your attack surface by restricting what is exposed to the outside world and who has access to it.

The 3 things you need to do right away to secure your Network Attached Storage:

1. Turn off any access to the NAS from outside the network. This means disabling any NAT rules, virtual servers or port forwarding that might be in place inside your firewall.

2 Disable UPnP on your devices. This setting allows for easier integration on the network and to be easier to discover. Unfortunately, it’s also a great way for malware to open backdoors into your network. Because UPnP is automated on many routers, devices inside the network could create a firewall rule automatically with the router in order to be accessible from external networks. A simple solution is to just disable UPnP altogether on any devices in your network, especially on your NAS.

3. Upgrade the firmware immediately running on your NAS device. These updates tend to patch zero day exploits such as this one that might be used by ransomware or other types of malware authors looking to exploit your Network Attached Storage.

If you need a comprehensive overview of your security practices the best way is to find a trusted Managed Security Services company or an Managed Services Provider (MSP) in your area. AlphaCIS is located in Metro Atlanta area and offers pen testing, network security assessment as well as ongoing technical support. You can reach out us here. Or call us at (678) 619-1218