Is it possible for ransomware to attack a NAS and nothing else on a network if the NAS is only connected to one computer?
Having a QNAP they routinely get attacked, when I read the firmware update changes, the cause usually seems to be some service that connects to the internet, the last one I recall was QNAPs solution to access your NAS from the internet.
To my mind, I can’t see how anything can get onto my network from the internet, unless my OpenVPN connections were compromised I suppose, I’m running a well configured pfsense.
If your NAS was compromised, I can’t see how it can access any devices, I mean if your laptop doesn’t have any known flaws is patched up, it must be difficult. It can see what else is on the network obviously but to brute force must be tricky if your account locks on 3 failed attempts.
To be sure a Pen Tester is the best person who can answer the question.
Generally, your NAS is safe from external threats if you:
- Don’t expose NAS to WAN, i.e. port forward
- Disable UPnP in FW and NAS
- Don’t use vendor cloud based remote access, set up a VPN instead if necessary
- Update firmware and/or enable automatic updates
That does not protect against threats if malware/ransomware gets inside your network, i.e. phishing emails, infected web sites, etc. In which case, your entire network could be compromised. It all depends on what vulnerabilities the malware/ransomware is targeting.
1 Like
As a note, this was just a testing NAS. Found out it was the 0xxx ransomware. This in no way affects me. As this was just test junk on the NAS. Was gonna blow it away as it doesn’t affect me, but noticed there were no decryption tools for this ransomware. Should I post it somewhere?