Follow these 5 steps to protect your NAS against ransomware and keep your data safe

One of the worst things to happen to any network-attached storage (NAS) is ransomware. This is when a malicious party gains access to your networked storage and encrypts everything stored on the drives. A message will then be displayed with the means to wire funds for a key to unlock access. Thankfully, this is a rare occurrence, and the chance of it happening to you is low, so long as you follow some basic security rules. I’ll run through some things you can do right now to protect your NAS and all your data.

5

Be smart when online

Don’t open that dodgy email attachment

To remain safe online, you must be vigilant. Only visit websites you trust and take note of any certificate warnings from search engines and your browser. The same goes for using apps and services, including email. Spam mail is one thing, but phishing and potential attacks through this method of communication are becoming increasingly effective. If you don’t recognize the sender, don’t open the email and download anything, no matter what the attached files are called.

As soon as a client is infected on the network, it can act as a host for the malicious code to begin infecting other hardware on the LAN, including your NAS.

4

Update everything on your network

Clients, routers, and everything in between

Security vulnerabilities are discovered in software, which is why updates are rolled out with minor patches and fixes. Running the latest version of packages, operating systems, and firmware ensures your devices are best protected against all known threats. Running outdated software is asking for trouble, as you’re likely not protected by the latest vulnerability patches. Everything on your network needs to be using the latest software release, unless there’s a specific reason otherwise.

You mustn’t forget anything on the LAN, especially clients that can connect to the outside world. Your router (be it a custom box or supplied from your ISP), PCs, phones, IoT hardware, and home lab servers will all need to be regularly checked to ensure no important updates are available.

3

Consider using a VPN

Remain hidden and protected

You’ve likely seen us bang on about virtual private networks (VPNs) but they’re an invaluable tool in protecting yourself online. As soon as you have a connection to the outside world, you’re at risk of attack. Using a VPN will mask your connection by routing all requests to and from devices on your LAN through a provider’s servers. With encryption and proxies, you can safely connect to anything with peace of mind. Add a VPJN to your LAN, and you won’t even need to worry about individual clients.

A VPN can be considered your first line of defense against ransomware and malicious parties. Your ISP will even want to snoop on you, so maintaining your privacy is a welcomed side effect of using a VPN since all your data passing through the ISP will be encrypted. The best part of VPNs is the ability to run your own server from within your LAN. This can act as a channel for you to securely access your entire network when not at home and is a viable alternative to DDNS and reverse proxies.

2

Disable port forwarding

Secure your network!

Have some ports forwarded on your router? Disable the feature altogether. If you have services you wish to open up to external access, I recommend checking one of our guides on reverse proxies, VPN servers, and DDNS. These are all great ways to ensure you can connect to hosted content without compromising your entire network. Be smart and plan before committing to any network changes. It only takes one misconfigured security vulnerability to open the floodgates.

We’ve got some excellent in-depth guides on setting up various packages and services on home lab equipment, so be sure to follow our expert advice.

1

Back up all your data regularly

Keep multiple copies of all your data

This is the best way to shield yourself from ransomware attacks. Should your data become compromised, you won’t have any trouble getting everything back up and running, thanks to a recent backup. Ransomware is rendered useless when a recent backup is available since you won’t need to unlock access to encrypted data. With a backup, you can simply wipe the NAS, start anew, and load everything back onto the drives.

Once this has been completed, I suggest checking your LAN and ensuring you’re employing security measures. Consider a VPN, run some system checks on connected hardware, and minimize the exposure your NAS has to the outside world. We’ve also got some tips on how to protect your NAS against attacks, which can help keep your data safe. Always follow the 3-2-1 backup rule, as it can save you countless hours of headaches.

Related

4 backup strategies for your personal NAS

If you want to back up your NAS, these are the backup strategies you should consider.

Be smart when self-hosting services

Running services from your home lab setup is a great way to save money, learn some new skills, and take back control of all your data, but doing so can open up your LAN to unwanted risk. Allowing external traffic to be directed to services hosted on devices within your LAN can have the undesired effect of opening up your network. This is where encryption, reverse proxies, and VPNs can play a role in mitigation. It’s vital to consider securing your LAN and hardware before allowing anyone to connect to your services.

Fail to do so and you could end up connecting to your NAS one day, only to find everything on your drives encrypted with a message to wire funds for access. If you do encounter ransomware, do not give into the demands and reach out to local authorities. Protecting your LAN and everything running within it can also help secure clients from being infected with malware, spyware, and other malicious software.