It is no secret that NAS devices are frequently targeted by ransomware attacks, and for good reason. Critical data is often stored on these devices, and they typically hold large amounts of it. NAS devices run Linux operating systems, so malware written for servers is easily ported to them. Users of NAS devices often assume their storage systems are secure, and neglect to change default passwords or make the mistake of exposing their device to the broader internet. Thus, NAS devices are not only high-value targets, but are frequently soft targets as well. Worst of all, there aren’t any good ransomware security solutions available for NAS devices. The following high-profile attacks against NAS devices over the last three years have caused millions of dollars in damages and ransom payments:

In April of 2021, QNAP NAS devices were targeted by Qlocker ransomware. Roughly $350K was stolen in this attack, with hackers charging $500 to decrypt a device.

https://www.bleepingcomputer.com/news/security/qnap-confirms-qlocker-ransomware-used-hbs-backdoor-account/

In August of 2021, eCh0raix ransomware was used to target both QNAP and Synology NAS devices by exploiting CVE-2021-28799, a hardcoded credentials vulnerability.

https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targets-both-qnap-and-synology-nas-devices/

In January of 2022, hackers launched a campaign against QNAP devices, followed by a campaign against ASUSTOR devices in February of 2022. The attacks in 2022 were all perpetrated by the Deadbolt family of ransomware. In February of 2023, a critical CVE for QNAP NAS devices was released, leaving them vulnerable to further exploitation by Deadbolt campaigns.

https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/

https://www.bitdefender.com/blog/hotforsecurity/asustor-nas-owners-hit-by-deadbolt-ransomware-attack/

The best advice given to most users of NAS devices is to protect their systems with updates, firewall rules, and strong passwords. While helpful, these strategies don’t seem to be working. NAS devices continue to be held for ransom on a regular basis, and this trend shows no signs of stopping. Fortunately, Synology, QNAP, and ASUSTOR NAS devices all run Docker, which means ZeroLock can be deployed on them with a simple docker run command. ZeroLock provides the following features, making it ideal for protecting NAS devices:

  1. Containerized installation for deployment on any NAS device.
  2. Advanced AI-based behavioral ransomware detection that stops last year’s ransomware families just as well as next year’s.
  3. Automated rollback capabilities that enable encrypted files to be instantly restored to their pre-attack state.

Interested in learning more? Reach out to Vali Cyber today for early access to ZeroLock’s patent-pending solution for NAS devices.