How to secure your Synology NAS from ransomware

Recently, some Synology owners discovered that all the files on their NAS system were encrypted. Unfortunately, some ransomware had infected the NAS and demanded payment to restore the data. Here’s what you can do to secure your NAS.

How to Avoid the Ransomware Attack

Synology is warning NAS owners of several ransomware attacks that hit some users recently. The attackers use brute-force methods to guess the default password—essentially, they try every password possible until they get a match. Once they find the right password and gain access to the network-attached storage device, the hackers encrypt all the files and demand a ransom.

You have several options to choose from to prevent attacks like this. You can disable remote access altogether, allowing only local connections. If you need remote access, you could set up a VPN to restrict access to your NAS. And if a VPN isn’t a good option (because of slow networks, for instance), you can harden your remote access options.

Option 1: Disable Remote Access

The most secure option you can choose is disabling remote connection features entirely. If you can’t access your NAS remotely, then neither can a hacker. You will lose some on-the-go convenience, but if you only work with your NAS at home—to watch movies, for instance—then you may not miss the remote features at all.

Most recent Synology NAS units include a QuickConnect feature. QuickConnect takes care of the hard work for enabling remote features. With the feature turned on, you don’t have to set up router port forwarding.

To remove remote access through QuickConnect, log in to your NAS interface. Open the Control Panel and click on the “QuickConnect” option under Connectivity in the sidebar. Uncheck “Enable Quick Connect,” then click Apply.

If, however, you enabled port forwarding on your router to gain remote access, you will need to disable that port forwarding rule. To disable port forwarding, you should look up your router’s IP address and use it to log in.

Then consult your router’s manual to find the port forwarding page (every router model is different). If you don’t have your router manual, you can try a web search for your router model number and the word “manual.” The manual will show you where to look for existing port forwarding rules. Turn off any port forwarding rules for the NAS unit.

Option 2: Use A VPN for Remote Access

We recommend just not exposing your Synology NAS to the Internet. But if you have to connect remotely, we recommend setting up a virtual private network (VPN). With a VPN server installed, you won’t access the NAS unit directly. Instead, you’ll be connecting to the router. The router, in turn, will treat you as though you were on the same network as the NAS (still at home, for instance).

You can download a VPN server on your Synology NAS from the Package Center. Just search for “vpn” and choose the install option under VPN Server. When you first open the VPN Server, you’ll see a choice of PPTP, L2TP/IPSec, and OpenVPN protocols. We recommend OpenVPN, as it’s the most secure option of the three.

You can stick with all the OpenVPN defaults, although if you want to access other devices on the network when connected through VPN, you’ll need to check “Allow clients to access server’s LAN” and then click “Apply.”

You will then need to set up port forwarding on your router to the port OpenVPN is using (by default 1194).

If you’re using OpenVPN for your VPN, you’ll need a compatible VPN Client to access it. We suggest OpenVPN Connect, which is available for Windows, macOS, iOS, Android, and even Linux.

Option 3: Secure Remote Access as Much as Possible

If you need remote access and VPN isn’t a viable solution (perhaps due to slower internet speeds), then you should secure Remote Access as much as possible.

To secure remote access, you should log into the NAS, open Control Panel, then select Users. If the default admin is turned on, create a new admin user account (if you don’t already have one) and turn the default admin user off. The default admin account is the first account ransomware usually attacks. The Guest user is typically off by default, and you should leave it that way unless you have a specific need for it.

You should ensure that any users you created for the NAS have complicated passwords. We recommend using a password manager to help with that. If you share the NAS and allow other people to create user accounts, then be sure to enforce strong passwords.

You’ll find password settings in the Advanced tab of the User profiles in the Control Panel. You should check the “include mixed case,” “include numeric characters,” “include special characters,” and “exclude common password” options. For a stronger password, increase the minimum password length to at least eight characters, although longer is better.

To prevent dictionary attacks, a method where an attacker guesses as many passwords as quickly as possible, enable Auto-Block. This option automatically blocks IP addresses after they guess a certain number of passwords and fail in a short amount of time. Auto-block is on by default on newer Synology units, and you’ll find it in Control Panel > Security > Account. The default settings will block an IP address from making another login attempt after ten failures in five minutes.

Finally, consider turning on your Synology firewall. With a firewall enabled, only services you specify as allowed in the firewall will be accessible from the internet. Just keep in mind that with the firewall on, you’ll need to make exceptions for some apps like Plex, and add port forwarding rules if you are using a VPN. You’ll find the firewall settings in Control Panel > Security > Firewall.

Data loss and ransomware encryption are always a possibility with a NAS unit, even when you take precautions. Ultimately, a NAS isn’t a backup system, and the best thing you can do is make offsite backups of the data. That way, if the worst should happen (whether that’s ransomware or multiple hard drive failure), you can restore your data with minimal loss.

It’s a good idea to have an Antivirus application on your server, but don’t rely on it for ransomware protection.

If you don’t know what ransomware is, check out this post, or take my word for it: It’s really bad. Recently, there has been a wave of attacks showing that Synology NAS servers are susceptible to ransomware, which has caused a lot of concern. Not only is Synology NAS popular — I’m a fan myself — these servers are also among the best ways to protect your data in the first place. They indeed are, but only when they are safe themselves.

This post will walk you through the steps of securing your Synology NAS against attacks.

How ransomware attacks Synology NAS servers

To keep your server safe, you need to know what makes it vulnerable. As far as I know, there has been no security vulnerability. In other words, when appropriately configured, your server is secure.

So far, hackers have gained access to some servers via brute force attacks — they keep guessing the usernames and passwords until they get a combination that works. It’s like trying a ton of keys on a lock, one by one, until one fits.

Unlike lock picking, though, hackers can use software to try hundreds, if not thousands, of combinations per second. They can run through an entire dictionary during an attack. It’s quite annoying. The good news is it’s relatively easy to fight against this type of break-in attempt.

How to keep your Synology NAS ransomware free

Generally, it’s always a good idea to keep your server up-to-date with the latest OS version. Also, install an antivirus package, such as the Antivirus Essential, which is free.

After that, there are two more things you should do: Practice secure user account management and enable auto-blocking.

Using strong password rules is an excellent way to keep your NAS server safe.

Synology NAS ransomware protection: Secure user accounts

Here is what you should do with the user accounts:

  • Disable the default admin account since everyone knows this account exists. Make sure you create another account and add it to the administrator group first.
  • Use multiple words for a username. For example, instead of “Dong,” use “Dong Ngo.”
  • Use a hard-to-guess password. You don’t need to use an overly complex one you can’t remember yourself. For example, “MyName1sD0^ng” is a tough password to guess, yet quite easy to remember, for me at least.

In a Synology server, you can enforce strong passwords by using password rules. Here’s how:

  1. Log in to the server’s interface, open Control Panel
  2. Open User and then the Advanced tab
  3. Check the “Apply password strength rules” box and check more boxes underneath accordingly.
  4. Click on Apply.

Synology NAS ransomware protection: Auto-blocking

Auto-blocking is an excellent way to fight against brute force attacks. It enables the server to automatically block the IP address of an attacker after a certain number of wrong guesses that take place within a specified period.

Synology NAS ransomware protection: Enable the server’s Auto Block.

Here’s how to enable Auto-blocking on a Synology NAS server:

  1. Log in to the server’s interface, open Control Panel
  2. Go to Security and then the Account tab
  3. Under Auto Block, check the box that reads Enable auto block
  4. Specify the parameters. Generally, fewer login attempts within a more extended period mean better protection. For example, the settings of 5 attempts within 5 minutes are more than enough to block brute-force attacks.
  5. Enable Block expiration if need be. If you don’t, the IP will be blocked until you manually unblock it.

And that’s it. Your server is now safe as long as you keep your password secure. By the way, there are more settings in the Security section that you can try applying. A bit of warning: some of them might make life difficult for yourself.
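
The Auto Block rule described in both walkthroughs above (a number of failed logins from one IP address within a set number of minutes), modelled as an added example: this is not Synology’s code, and the log format, addresses and function names are constructed for illustration. It replays one constructed login log under ten-in-five, five-in-five and five-in-sixty settings to show why fewer attempts over a longer period give better protection.

```python
"""Model of the Auto Block rule: block an IP after N failed logins within M minutes.

Added illustration, not Synology DSM code. The log format, addresses and
function names are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: "<ISO-8601 time> <FAIL|OK> user=<name> ip=<address>"
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) ip=(\S+)$")


def parse(lines):
    """Yield (timestamp, result, user, ip) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, ip = m.groups()
            yield datetime.fromisoformat(ts), result, user, ip


def simulate(lines, max_attempts, window_minutes):
    """Replay a login log under one Auto Block setting.

    Returns {ip: {"guesses": failed logins that were actually evaluated,
                  "blocked_at": datetime of the block, or None}}.
    Assumption: a successful login does not clear earlier failures.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)    # per-IP failure times inside the window
    report = {}
    for ts, result, _user, ip in parse(lines):
        entry = report.setdefault(ip, {"guesses": 0, "blocked_at": None})
        if entry["blocked_at"] is not None:
            continue               # a blocked IP gets no further guesses
        if result != "FAIL":
            continue               # only failed logins count toward the rule
        entry["guesses"] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            entry["blocked_at"] = ts
    return report


def _burst(ip, user, start, count, step_seconds):
    """Build `count` constructed FAIL lines, `step_seconds` apart."""
    return [
        f"{(start + timedelta(seconds=i * step_seconds)).isoformat()} FAIL user={user} ip={ip}"
        for i in range(count)
    ]


# Constructed sample log (documentation and private address ranges).
START = datetime(2024, 1, 1, 3, 0, 0)
SAMPLE = sorted(
    _burst("203.0.113.10", "admin", START, 12, 10)       # fast guessing, every 10 s
    + _burst("198.51.100.7", "admin", START, 8, 120)     # slow guessing, every 2 min
    + _burst("192.168.1.20", "homeuser", START, 2, 30)   # owner mistyping twice
    + [f"{(START + timedelta(seconds=90)).isoformat()} OK user=homeuser ip=192.168.1.20"]
)

if __name__ == "__main__":
    for attempts, minutes in [(10, 5), (5, 5), (5, 60)]:
        print(f"--- {attempts} attempts within {minutes} minutes ---")
        for ip, entry in sorted(simulate(SAMPLE, attempts, minutes).items()):
            state = entry["blocked_at"] or "not blocked"
            print(f"{ip:15} guesses evaluated: {entry['guesses']:2}  {state}")
```
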

Recent years have seen a substantial increase in the number of ransomware attacks taking place. What’s more, a large number of malware attacks continue to go unreported, according to a survey of IT professionals. How can one protect themselves from becoming the next victim? A Synology NAS is a solid start.

When you are targeted by a ransomware attack, criminals will attempt to lock away your data and sell you access to it. You’ll likely receive some kind of prompt telling you that your files have been encrypted and the only way to get them back is to pay for a decryption tool. For those who don’t back up their data, this is one of their worst nightmares.

A common recommendation is resetting your PC to an earlier date before the attack. Some may even view the reinstallation of Windows as the only way to get systems back to normal. The issue is that if you don’t back up everything on a regular basis, this involves the loss of files.

Luckily, if you haven’t been targeted yet, there are a few ways to better protect your PC, including the purchase of a Synology NAS.

Protect your PC against ransomware

To better equip your PC with the means to repel an attack, you should always ensure you’re running the latest release of Windows 10. The installed security suite should also be up-to-date and have the latest definitions to protect you against malicious files.

Windows 10 comes rocking security software built right into the OS that should be enough if you’re conservative while online. It’s also important to avoid any suspicious files downloaded, and disable remote access when you don’t require the feature.

Disable remote access

  1. Hit Windows Key + Q to bring up Cortana.
  2. Enter “remote access”.
  3. Choose “Allow remote access to your computer”.
  4. Uncheck “Allow Remote Assistance connections to this computer”.
  5. Hit OK.

You should now be blocking all outside attempts to gain access to your Windows PC.

    Use a Synology NAS

    One of your best weapons against ransomware is backing up on a regular basis and using redundant processes. It’s a good idea to keep your important files safe on a physical drive (simply copy and paste them in File Explorer), as well as full backups of Windows and PC data on a Synology NAS.

    Using cloud services can be handy, especially if you have the bandwidth available, storage space on said service, and don’t mind trusting a company to host your data, but you should also look at keeping copies locally too. A NAS does just this, allowing you to store backups from your PC on a network device.

    Should you be hit with ransomware, you can simply disable all external access to the PC, restore or reinstall Windows, apply a backup, and access all your files without paying out for the “decryption” of your own files, no matter how helpful these fine people appear.

    Overview

    DSM has a new feature called Security Advisor that helps keep your Synology NAS safe. Security Advisor scans the overall configuration of your Synology NAS and provides detailed reports on its security status. In addition, Security Advisor will show you how to manage any identified security risks. Open Security Advisor and learn how to:

    • Run a security scan
    • View security rule reports
    • Manage security risks

    1. Run a Security Scan

    1. The first time you open Security Advisor, you will be asked what you use your Synology NAS for. Pick Home or Work depending on your situation and click Start. You can always change this setting later in the Advanced page.
    2. Security Advisor will start scanning your Synology NAS configuration. You can view the overall security status, scan progress, and results summary in the Overview page.
    3. Once the scan finishes, results for each category of security rules are displayed. Security Advisor will provide an overall status for each category and summarize any security risk findings.

    2. View Security Rule Reports

    1. Click View Results on the Overview page. You can view detailed information of your completed scan on a report-by-report basis.
    2. Double-click on any security rule to open a detailed report. Each report may contain information about the Severity, Description, Details, and Recommended Action for each security rule.

    3. Manage Security Risks

    Let us take a look at an example of a failed security rule and walk through how to manage it.

    1. Security Advisor will identify potential security risks for any failed security rule. Here, Security Advisor detects that Auto Block is disabled.
    2. Open a failed security rule to view detailed information. Under Recommended Action, Security Advisor provides guidance on how to manage this security risk.
    3. Click on Open to go directly to the corresponding settings page and follow the Recommended Action.
    4. In the Results page, rescan the failed security rule by selecting the rule and clicking Scan.
    5. No security risks are detected for this security rule. Security Advisor will continue helping you identify potential security risks and recommend actions to manage these risks. Keep your Synology NAS safe by regularly performing scans in Security Advisor!

    The risk of malware infection remains on a constant rise with new infections rapidly spreading every hour, every day. Synology addresses this growing malware problem by introducing powerful security measures such as Security Advisor, as well as offering regular security updates to protect users from potential threats. Recently, we have witnessed new encryption-based ransomware targeting personal files and even network-based devices. Below, we will explain how Synology’s comprehensive multi-version backup solution can rescue your PC and NAS from malicious attacks.

    What is an encryption-based ransomware?

    Encryption-based ransomware, such as CryptoWall, CryptoLocker, and TorrentLocker, encrypts files stored on computers, and even network drives. Once infected, you are left with the option to either pay the ransom to regain access to your files or give up all your precious data previously stored on the computer or storage device.

    Crucial practices against ransomware attacks on your PC

    Ransomware has become a growing threat to home users and small offices with less sophisticated defense systems. To put an end to malware infections, here are some tips and tricks to avoid becoming another victim of ransomware.

    Update your operating system

    Outdated computer systems are relatively more vulnerable to ransomware attacks. This is why it is essential to perform regular software and operating system updates to improve the security of your computer.

    Install a reputable security suite

    Install a good antivirus software or a reputable security suite to help you detect and fight off malicious threats, giving you an extra form of protection.

    Avoid suspicious files

    Stay on guard and think twice before opening email attachments or clicking files from unknown sources. Watch out for suspicious files with hidden file extensions such as “.pdf.exe”.

    Disable remote access

    Malware often targets computers using RDP (Remote Desktop Protocol). Keep RDP disabled if you do not require remote access.

    Multi-version backup, your best weapon against ransomware

    Encryption-based ransomware is getting sophisticated and may not be detected by anti-malware software in time. Once infected, you will be locked out from your own data and there is still no guarantee you can retrieve your data even after paying the ransom! It is highly recommended to perform routine backups to restore infected files and minimize damage. Take advantage of multi-version backup — a robust backup solution allowing you to restore previous versions of the infected files.

    1. Back up your computer to NAS
    2. Back up NAS to cloud
    3. Back up NAS to expansion units
    4. Back up to an offsite NAS

    Back up your computer data to NAS

    Create a multi-version backup for point-in-time recovery to avoid paying a hefty ransom to unlock your data. Synology Drive Client is the perfect solution to backing up data stored on your computer to Synology NAS servers. You can retain up to 32 historical versions of a single file – kept safe from folder encryption.

    Back up NAS data to other destinations

    Backing up locally just might not be enough should more destructive ransomware attack shared folders on your NAS server by accessing file services on your PC. The best way to prevent this is to add another layer of protection by having uninfected backup versions stored in an offsite location. If you fall victim to ransomware, you can still access data stored at different locations.

    Hyper Backup

    Hyper Backup lets you enjoy a full range of multi-version backup destinations from local shared folders, expansion units, and external hard drives, to network shared folders, rsync server, and public cloud services.

    Hyper Backup also offers solid protection for local backup. You can isolate data from internet threats by configuring your PCs’ access privilege to certain shared folders on Synology NAS to further prevent outside forces from accessing critical backup data stored in your NAS shared folder.

    Snapshot Replication

    The cutting-edge Btrfs file system supports state-of-the-art snapshot technology on select NAS models. Snapshot Replication allows you to replicate data from a primary site to an offsite location up to every 5 minutes and 15 minutes for LUNs, ensuring all your critical data in shared folders or virtual machines in iSCSI LUNs can be recovered quickly in the event of disaster.

    Steps to take when discovering ransomware infection

    In the unfortunate event that you have encountered a ransomware attack, do not fret. Turn off your WiFi or unplug your network cable — make sure you disconnect yourself from the internet immediately. The next step is to have your computer system completely wiped clean of infection. Make sure your computer is in a clean state before restoring previous versions of files that were backed up via Synology backup features.

    The risk of malware infection remains on a constant rise with new infections rapidly spreading every hour, every day. Synology addresses this growing malware problem by introducing powerful security measures such as Security Advisor, as well as offering regular security updates to protect users from potential threats. Recently, we have witnessed new encryption-based ransomware targeting personal files and even network-based devices. Below, we will explain how Synology’s comprehensive multi-version backup solution can rescue your PC and NAS from malicious attacks.

    What is an encryption-based ransomware?

    Encryption-based ransomware, such as CryptoWall, CryptoLocker, and TorrentLocker, encrypts files stored on computers, and even network drives. Once infected, you are left with the option to either pay the ransom to regain access to your files or give up all your precious data previously stored on the computer or storage device.

    Crucial practices against ransomware attacks on your PC

    Ransomware has become a growing threat to home users and small offices with less sophisticated defense systems. Put an end to malware infections, here are some tips and tricks to avoid becoming another victim of ransomware.

    Update your operating system

    Outdated computer systems are relatively more vulnerable to ransomware attacks. This is why it is essential to perform regular software and operating system updates to improve the security of your computer.

    Install a reputable security suite

    Install a good antivirus software or a reputable security suite to help you detect and fight off malicious threats, giving you an extra form of protection.

    Avoid suspicious files

    Stay on guard and think twice before opening email attachments or clicking files from unknown sources. Watch out for suspicious files with hidden file-extensions such as “.pdf.exe”

    Disable remote access

    Malware often targets computers using RDP (Remote Desktop Protocol). Keep RDP disabled if you do not require remote access.

    Multi-version backup, your best weapon against ransomware

    Encryption-based ransomware is getting sophisticated and may not be detected by anti-malware software in time. Once infected, you will be locked out from your own data and there is still no guarantee you can retrieve your data even after paying the ransom! It is highly recommended to perform routine backups to restore infected files and minimize damage. Take advantage of multi-version backup — a robust backup solution allowing you to restore previous versions of the infected files.

    Back up your computer to NAS

    Back up NAS to cloud

    Back up NAS to expansion units

    Back up to an offsite NAS

    1. Back up your computer to NAS
    2. Back up NAS to cloud
    3. Back up NAS to expansion units
    4. Back up to an offsite NAS

    Back up your computer data to NAS

    Create a multi-version backup for point-in-time recovery to avoid paying a hefty ransom to unlock your data. Synology Drive Client is the perfect solution to backing up data stored on your computer to Synology NAS servers. You can retain up to 32 historical versions of a single file – kept safe from folder encryption. Learn more about Synology Drive Client

    Back up NAS data to other destinations

    Backing up locally just might not be enough should a more destructive ransomware attack shared folders on your NAS server through accessing file services on your PC. The best way to prevent this is to add another layer of protection by having uninfected backup versions stored in an offsite location. If you fall victim of ransomware, you can still access data stored at different locations.

    Hyper Backup

    Hyper Backup lets you enjoy a full range of multi-version backup destinations from local shared folders, expansion units, and external hard drives, to network shared folders, rsync server, and public cloud services.

    Hyper Backup also offers solid protection for local backup. You can isolate data from internet threats by configuring your PCs’ access privilege to certain shared folders on Synology NAS to further prevent outside forces from accessing critical backup data stored in your NAS shared folder. Learn more about Hyper Backup

    Snapshot Replication

    The cutting-edge Btrfs file system supports state-of-the-art snapshot technology on select NAS models. Snapshot Replication allows you to replicate data from a primary site to an offsite location up to every 5 minutes and 15 minutes for LUNs, ensuring all your critical data in shared folders or virtual machines in iSCSI LUNs can be recovered quickly in the event of disaster. Learn more about Snapshot Replication

    Steps to take when discovering ransomware infection

    In the unfortunate event that you have encountered a ransomware attack, do not fret. Turn off your WiFi or unplug your network cable — make sure you disconnect yourself from the internet immediately. The next step is to have your computer system completely wiped clean of infection. Make sure your computer is at a clean state before restoring previous versions of files that were backed up via Synology backup features.

    How to secure your synology nas from ransomware

    Recently, some Synology owners discovered that all the files on their NAS system were encrypted. Unfortunately, some ransomware infected the NAS demanded payment to restore the data. Here’s what you can do to secure your NAS.

    How to Avoid the Ransomware Attack

    Synology is warning NAS owners of several ransomware attacks that hit some users recently. The attackers use brute-force methods to guess the default password—essentially, they try every password possible until they get a match. Once they find the right password and gain access to the network-attached storage device, the hackers encrypt all the files and demand a ransom.

    You have several options to choose from to prevent attacks like this. You can disable remote access altogether, allowing only local connections. If you need remote access, you could set up a VPN to restrict access to your NAS. And if a VPN isn’t a good option (because of slow networks, for instance), you can harden your remote access options.

    Option 1: Disable Remote Access

    How to secure your synology nas from ransomware

    The most secure option you can choose is disabling remote connection features entirely. If you can’t access your NAS remotely, then neither can a hacker. You will lose some on-the-go convenience, but if you only work with your NAS at home—to watch movies, for instance—then you may not miss the remote features at all.

    Most recent Synology NAS units include a QuickConnect feature. QuickConnect takes care of the hard work for enabling remote features. With the feature turned on, you don’t have to set up router port forwarding.

    To remove remote access through QuickConnect log in to your NAS interface. Open the control panel and click on the “QuickConnect” option under Connectivity in the sidebar. Uncheck “Enable Quick Connect” then click apply.

    How to secure your synology nas from ransomware

    If, however, you enabled port forwarding on your router to gain remote access, you will need to disable that port forwarding rule. To disable port forwarding, you should look up your router’s IP address and use it to log in.

    Then consult your router’s manual to find the port forwarding page (every router model is different). If you don’t have your router manual, you can try a web search for your router model number and the word “manual.” The manual will show you where to look for exiting port forwarding rules. Turn off any port forwarding rules for the NAS unit.

    Option 2: Use A VPN for Remote Access

    How to secure your synology nas from ransomware

    We recommend just not exposing your Synology NAS to the Internet. But if you have to connect remotely, we recommend setting up a virtual private network (VPN). With a VPN server installed, you won’t access the NAS unit directly. Instead, you’ll be connecting to the router. The router, in turn, will treat you as though you were on the same network as the NAS (still at home, for instance).

    You can download a VPN server on your Synology NAS from the Package Center. Just search for “vpn” and choose the install option under VPN Server. When you first open the VPN Server, you’ll see a choice of PPTP, L2TP/IPSec, and OpenVPN protocols. We recommend OpenVPN, as it’s the most secure option of the three.

    How to secure your synology nas from ransomware

    You can stick with all the OpenVPN defaults, although if you want to access other devices on the network when connected through VPN, you’ll need to check “Allow clients to access server’s LAN” and then click “Apply.”

    You will then need to set up port forwarding on your router to the port OpenVPN is using (by default 1194).

    If you’re using OpenVPN for your VPN, you’ll need a compatible VPN Client to access it. We suggest OpenVPN Connect, which is available for Windows, macOS, iOS, Android, and even Linux.

    Option 3: Secure Remote Access as Much as Possible

    If you need remote access and VPN isn’t a viable solution (perhaps due to slower internet speeds), then you should secure Remote Access as much as possible.

    To secure remote access, you should log into the NAS, open Control Panel, then select Users. If the default admin is turned on, create a new admin user account (if you don’t already have one) and turn the default admin user off. The default admin account is the first account ransomware usually attacks. The Guest user is typically off by default, and you should leave it that way unless you have a specific need for it.

    You should ensure that any users you created for the NAS have complicated passwords. We recommend using a password manager to help with that. If you share the NAS and allow other people to create user accounts, then be sure to enforce strong passwords.

    You’ll find password settings in the Advanced tab of the User profiles in the Control Panel. You should check the “include mixed case,” “include numeric characters,” “include special characters,” and “exclude common password” options. For a stronger password, increase the minimum password length to at least eight characters, although longer is better.

    To prevent dictionary attacks, a method where an attacker guesses as many passwords as quickly as possible, enable Auto-Block. This option automatically blocks an IP address once it has made a set number of failed login attempts within a short amount of time. Auto-Block is on by default on newer Synology units, and you’ll find it in Control Panel > Security > Account. The default settings will block an IP address from making another login attempt after ten failures in five minutes.
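The ten-failures-in-five-minutes rule described above, worked through as a sliding window over login events. This is an added example, not Synology's code: the log format, user names and IP addresses are constructed, and successful logins are simply ignored because the article does not say whether they reset the count.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10               # article: "ten failures"
WINDOW = timedelta(minutes=5)   # article: "in five minutes"

def sample_log():
    """Constructed log lines: '<ISO time> <FAIL|OK> <user> <source IP>'."""
    t0 = datetime(2019, 7, 27, 3, 0, 0)
    events = []
    # Rapid guessing against the default account: 12 failures, 10 s apart.
    events += [(t0 + timedelta(seconds=10 * i), "FAIL", "admin", "203.0.113.7")
               for i in range(12)]
    # A user who mistypes twice, then logs in.
    events += [(t0 + timedelta(minutes=1, seconds=s), r, "alice", "198.51.100.20")
               for s, r in ((0, "FAIL"), (8, "FAIL"), (20, "OK"))]
    # A sync client with a stale password retrying once an hour:
    # ten failures in total, but never ten inside one window.
    events += [(t0 + timedelta(hours=i), "FAIL", "bob", "192.0.2.50")
               for i in range(10)]
    events.sort(key=lambda e: e[0])
    return [f"{t.isoformat()} {r} {u} {ip}" for t, r, u, ip in events]

def auto_block(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time of the failure that triggered the block}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        stamp, result, _user, ip = line.split()
        if result != "FAIL" or ip in blocked:
            continue              # ignore successes and already-blocked sources
        now = datetime.fromisoformat(stamp)
        failures = recent[ip]
        failures.append(now)
        # Drop failures that have aged out of the window.
        while now - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = now
    return blocked

if __name__ == "__main__":
    for ip, when in auto_block(sample_log()).items():
        print(f"block {ip} at {when.isoformat()}")
```

Only the rapid run crosses the threshold; the mistyped password and the hourly retries stay below it because older failures fall out of the window.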

    Finally, consider turning on your Synology firewall. With a firewall enabled, only services you specify as allowed in the firewall will be accessible from the internet. Just keep in mind that with the firewall on, you’ll need to make exceptions for some apps like Plex, and add port forwarding rules if you are using a VPN. You’ll find the firewall settings in Control Panel > Security > Firewall.

    Data loss and ransomware encryption are always a possibility with a NAS unit, even when you take precautions. Ultimately a NAS isn’t a backup system, and the best thing you can do is make offsite backups of the data. That way if the worst should happen (whether that’s ransomware or multiple hard drive failure), you can restore your data with minimal loss.

    Your NAS is probably one of the most important devices on your home network, but are you giving it the attention it deserves when it comes to security?

    The last thing you want is for your NAS to get hacked and/or invaded by malware, like the SynoLocker ransomware that crawled its way onto Synology NAS boxes a couple of years ago. The good news is that there are ways to stay protected from future attacks and prevent your NAS box from getting cracked into.

    Note: Most of the steps and images below are based on my Synology NAS, but you can do these things on most other NAS boxes, as well.

    Be Diligent About Updates

    Perhaps the easiest thing you can do to help secure your NAS is keep the software up to date. Synology NAS boxes run DiskStation Manager, and there’s usually a new update every couple of weeks.

    The reason you want to keep on top of updates isn’t just for the cool new features, but also for bug fixes and security patches that keep your NAS safe and secure.

    Take the SynoLocker ransomware as an example. Newer versions of DiskStation Manager are safe from this, but if you haven’t updated in several years, you might be vulnerable. Plus, newer exploits are always being released—another reason to keep up with updates.

    Disable the Default Admin Account

    Your NAS comes with a default admin account, and the username is most likely “admin” (real creative, huh?). The problem is that you usually can’t change the username of this default account. We recommend disabling the default admin account and creating a new admin account with a custom username.

    The reason for this is to give hackers yet another layer they have to break through. With a default account, they can use “admin” as the username and just focus on cracking the password. It’s similar to how people never change the login credentials of their router—by default the username is usually “admin” and the password is “password,” making it super easy to break in.

    By creating an admin account with a username like “BeefWellington” and then using a strong password, you severely decrease the chances of your account credentials getting cracked by a lazy script kiddie.

    Enable Two-Factor Authentication

    If you aren’t using two-factor authentication already for your various online accounts, then you should be. Your NAS likely has the capability for this, too, so take advantage of it.

    Two-Factor Authentication is great because not only do you need the username and password to log in, but you also need another device you own (like a smartphone) to confirm the login. This makes it near impossible for a hacker to break into your account (although, never say never).

    Use HTTPS

    When you’re accessing your NAS remotely, you’re probably doing so over HTTP if you haven’t messed around with any settings. This isn’t secure, and can leave your connection wide open for the taking. To fix this, you can force your NAS to use an HTTPS connection at all times.

    However, you need to install an SSL certificate on your NAS first, which can be quite the process. For starters, you need a domain name to link the SSL certificate to, and then link your NAS’s IP address to the domain name.

    You’ll also have to pay for an SSL certificate, but they’re usually not more than $10 per year from any reputable domain registrar. And Synology even has support for Let’s Encrypt SSL certificates for free if you want to go that route.

    Set Up a Firewall

    A firewall is an overall good defense to have because it can automatically block any connection that your NAS doesn’t recognize. And you can usually customize the rules that it uses to keep certain connections open, while shutting all other connections out.

    By default, most firewalls on any device aren’t even enabled, which allows anyone and everyone through without inspection, and this is generally a bad idea. So be sure to check your firewall settings on your NAS and customize any rules to fit your needs.

    For example, you could have a rule that blocks all IP addresses from certain countries, or a rule that only allows certain ports from IP addresses in the US—the world is your oyster.
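The allow-list behaviour described in this section and in the earlier firewall paragraph (only the services you allow are reachable, with exceptions for Plex and the VPN), as an added example that is not Synology's code. It is a simplified first-match model with a final default, and it assumes a 192.168.1.0/24 LAN, Plex on its default 32400/tcp, DSM's default web ports 5000/5001, and a constructed outside address as the probe; country-based rules are not modelled.

```python
import ipaddress

# Ordered rules: the first match wins, and a final default applies when
# nothing matches. A simplified model, not DSM's rule engine.
# 1194/udp is the OpenVPN default named in the article.
RULES = [
    {"name": "LAN",     "src": "192.168.1.0/24", "proto": "any", "ports": None,    "action": "allow"},
    {"name": "OpenVPN", "src": "0.0.0.0/0",      "proto": "udp", "ports": {1194},  "action": "allow"},
    {"name": "Plex",    "src": "0.0.0.0/0",      "proto": "tcp", "ports": {32400}, "action": "allow"},
]

# Services to audit (name -> protocol, port).
SERVICES = {
    "DSM web (HTTP)": ("tcp", 5000),
    "DSM web (HTTPS)": ("tcp", 5001),
    "SMB": ("tcp", 445),
    "OpenVPN": ("udp", 1194),
    "Plex": ("tcp", 32400),
}

def decide(src_ip, proto, port, rules=RULES, default="deny"):
    """Return (action, name of the matching rule or None)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule["src"]):
            continue
        if rule["proto"] not in ("any", proto):
            continue
        if rule["ports"] is not None and port not in rule["ports"]:
            continue
        return rule["action"], rule["name"]
    return default, None

def reachable_from_internet(services=SERVICES, rules=RULES, default="deny",
                            probe_ip="203.0.113.10"):
    """List the services an outside address (constructed probe) would reach."""
    return sorted(name for name, (proto, port) in services.items()
                  if decide(probe_ip, proto, port, rules, default)[0] == "allow")

if __name__ == "__main__":
    print("default deny :", reachable_from_internet())
    print("default allow:", reachable_from_internet(default="allow"))
```

With the final default set to deny, only the VPN and Plex exceptions are reachable from outside; with it set to allow, which is the effect of a disabled firewall, every listed service is.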

    Keep It Off the Internet In the First Place

    While all of the above steps are great things to do in order to keep your NAS secure, they’re not 100% safe by any means. The best thing you can do is to just keep your NAS disconnected from the outside world entirely.

    Of course, this isn’t easy to do, especially if you have certain programs running on your NAS that benefit from being accessible remotely (like using your NAS as your own cloud storage service).

    But the important thing to note here is that you’re at least aware of the risks when exposing your NAS to the outside world, and that the above steps won’t keep your NAS 100% safe, necessarily. If you’re looking for the best way to keep your NAS secure, it’s keeping it accessible to only your local network.

    The unofficial guide to your Synology

    2019-07-27 update: It is happening on Synologies too right now. Follow the guide below to protect yourself from the attack!

    Have you heard the news?

    A new ransomware is alive and kicking and is targeting all QNAPs it can find on its path.

    Yes, I know, this is a Synology blog and the ransomware mentioned above is for QNAPs, but not long ago the same thing happened to Synologies, and this acts as a great reminder to take security of your NAS devices seriously.

    In this post, I will remind you of the minimum security settings that you MUST configure on your NAS to keep hackers away, or at the very least, discourage them from attacking just your NAS.

    What is a ransomware?

    Ransomware is a piece of software — malware — which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware.

    What is eCh0raix?

    eCh0raix is a new ransomware active right now on the internet that targets QNAP NASes that have weak passwords or old operating systems. In other words, the easiest kind of attack and one you can prevent easily.

    DON’T make it easy for hackers to get your data!! If they want it, make them work hard to get it.

    My own rule on security.

    How can you protect your NAS from these attacks?

    There are a lot of ways to do this, and I am going to show you the most important:

    1. Keep your DSM up to date. ALWAYS!! This one is a no-brainer, takes zero effort to do (you can have your Synology update itself when a new update comes) and it will protect you from the most basic forms of ransomware.
    2. Another no-brainer: Stay away from weak passwords. Synology has a feature where you can enforce strong passwords for all, do that!
    3. Another duh-tip: disable your admin and guest account. With those enabled, you are giving 50% of your login to your hackers.
    4. Install 2-step authentication: “One apple a day, will keep your doctor away”–kind of solution 😉
    5. Have a great backup plan for your data, so you can always recover it if your data gets hacked. If there is something that Synology is great at, it is actually backups.
    6. Give read only access to your backup folders.

    And some recommendations from Synology themselves:

    • Enable Auto Block in Control Panel and run Security Advisor to make sure there is no weak password in the system.
    • Enable Firewall in Control Panel, and only allow public ports for services that are necessary.

    There are obviously more things you can do to protect your NAS, but if I add them all, you will probably do none, overwhelmed by all the options.

    Do this NOW, thank me later.

    OK, now open your NAS and at a minimum do: 1, 2, 3 and 4.

    Do it NOW, don’t wait for a coffee break, or that phone call or anything else. It takes 5-10 min. You can thank me later.

    Have a great ransomware-free day!!