Recently, some Synology owners discovered that all files on their NAS system were encrypted. Ransomware had infected the NAS and demanded a payment to recover the data. Follow these steps to protect your NAS.
How to Prevent Ransomware Attacks
Synology warns NAS owners of several ransomware attacks that have recently hit some users. The attackers use brute force methods to guess the default password. In essence, they try password after password until they get a match. Once they find the correct password and have access to the network-attached storage device, the hackers encrypt all files and demand a ransom.
There are several ways to prevent such attacks. You can disable remote access altogether and allow only local connections. If you need remote access, you can set up a VPN to restrict access to your NAS. And if a VPN is not a good option (for example, because of slow networks), you can harden the options for remote access.
Option 1: Disable Remote Access
The safest option you can choose is to completely disable remote connectivity. If you cannot access your NAS remotely, neither can a hacker. If you only use your NAS at home, for example to watch movies, you may not miss the remote features at all.
The latest Synology NAS devices include a QuickConnect feature. QuickConnect takes care of the hard work of activating remote features. If enabled, you do not need to set up router port forwarding.
To remove remote access through QuickConnect, log in to your NAS interface. Open the Control Panel and click "QuickConnect" in the sidebar under Connectivity. Uncheck "Enable QuickConnect" and click "Apply."
However, if you enabled port forwarding on your router to get remote access, you must disable that port forwarding rule. To disable port forwarding, look up the IP address of your router and use it to log in.
Then refer to your router's manual to find the port forwarding page (each router model is different). If you do not have your router manual, you can do a web search for the model number of your router and the word "manual". The guide will show you where to look for rules for forwarding ports. Disable all port forwarding rules for the NAS device.
Option 2: Use a VPN for remote access.
If you need to connect remotely, we recommend setting up a virtual private network (VPN). With a VPN server installed, you do not access the NAS device directly; instead, you connect to the router. The router treats you as if you were on the same network as the NAS (for example, at home).
You can download a VPN server from the Package Center on your Synology NAS. Just search for "vpn" and select the installation option under VPN Server. When you open the VPN server for the first time, you will see a choice of the PPTP, L2TP/IPSec and OpenVPN protocols. We recommend OpenVPN as the safest option.
You can keep all the OpenVPN defaults, although if you want to access other devices on the network while connected via VPN, you must check "Allow clients to access server's LAN" and then click "Apply." The standard OpenVPN port is 1194.
If you use OpenVPN for your VPN, you need a compatible VPN client to access it. We recommend OpenVPN Connect, which is available for Windows, MacOS, iOS, Android and even Linux.
Option 3: Secure remote access as much as possible
If you need remote access and VPN is not a viable solution (possibly because of slower internet speeds), you should try to secure remote access as much as possible.
To secure remote access, log in to the NAS, open the Control Panel, and then select Users. If the default administrator is enabled, create a new administrator account (if you do not already have one) and disable the default administrator. The default administrator account is the first account that ransomware normally attacks. The guest user is usually disabled by default. You should leave it that way, unless you have a specific need.
You should ensure that all users you create for the NAS have complicated passwords. We recommend using a password manager to help with this. If you share the NAS and allow other users to create user accounts, you must enforce strong passwords.
You can find the password settings on the Advanced tab of the user profiles in Control Panel. You should check the "Include mixed case," "Include numeric characters," "Include special characters," and "Exclude common password" options. For a stronger password, increase the minimum length of the password to at least eight characters, although longer is better.
To prevent dictionary attacks, a method in which an attacker guesses as many passwords as quickly as possible, enable Auto-Block. This option automatically blocks IP addresses after a certain number of failed password guesses within a short time. Auto-Block is enabled by default on newer Synology devices. You can find it under Control Panel > Security > Account. The default settings prevent an IP address from logging in after five failed attempts in five minutes.
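The Auto-Block rule described above (five failures in five minutes per IP address), replayed over a constructed login log. This is an added illustration, not Synology's code; the log format and the function name `replay_auto_block` are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "time ip user result" format (not DSM's own).
SAMPLE_LOG = """\
2019-07-25T10:00:00 203.0.113.7 admin FAIL
2019-07-25T10:00:20 203.0.113.7 admin FAIL
2019-07-25T10:00:41 203.0.113.7 admin FAIL
2019-07-25T10:01:05 198.51.100.4 alice FAIL
2019-07-25T10:01:30 203.0.113.7 admin FAIL
2019-07-25T10:02:10 203.0.113.7 root FAIL
2019-07-25T10:02:15 203.0.113.7 admin OK
2019-07-25T10:03:00 198.51.100.4 alice OK
2019-07-25T10:20:00 192.0.2.9 bob FAIL
2019-07-25T10:23:00 192.0.2.9 bob FAIL
2019-07-25T10:26:00 192.0.2.9 bob FAIL
2019-07-25T10:29:00 192.0.2.9 bob FAIL
2019-07-25T10:32:00 192.0.2.9 bob FAIL
"""

def replay_auto_block(log_text, max_failures=5, window_minutes=5):
    """Replay chronological login events.

    Returns ({ip: time it was blocked}, [attempts that arrived after the block]).
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    blocked = {}
    rejected = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        stamp, ip, user, result = parts
        when = datetime.fromisoformat(stamp)
        if ip in blocked:
            # A blocked address is refused before any password is checked.
            rejected.append((ip, user, result))
            continue
        if result != "FAIL":
            continue
        recent = failures[ip]
        recent.append(when)
        while when - recent[0] > window:  # failures older than the window age out
            recent.popleft()
        if len(recent) >= max_failures:
            blocked[ip] = when
    return blocked, rejected
```

In the sample, 203.0.113.7 is blocked on its fifth failure, so even its later attempt with the right password is refused, while the failures from 192.0.2.9 are spread too far apart to count together.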
Finally, you should turn on your Synology Firewall. If a firewall is enabled, only services that you have allowed in the firewall can be accessed over the Internet. Note, however, that if you have a firewall enabled, you must add exceptions for some apps, such as Plex, and add port forwarding rules when using a VPN. The firewall settings can be found in Control Panel > Security > Firewall.
Data loss and ransomware encryption are always possible with a NAS device, even if you take precautions. After all, a NAS is not a backup system, and the best you can do is perform offsite backups of the data. That way, in the worst-case scenario (ransomware or multiple hard drive failure), you can recover your data with minimal loss.