Usually, one of the main pieces of advice given to combat ransomware is to keep up-to-date backups of all your important data.
But Kaspersky research has shown that hackers are now able to target backups too…
Research on ransomware attacks on backups
The findings were revealed by Kaspersky researchers in the company’s IT Threat Evolution Report Q3 2019.
The new type of ransomware targets Network Attached Storage (NAS) devices and doesn’t use typical email phishing or website malware.
Instead, according to Kaspersky, cybercriminals scan IP addresses looking for NAS devices accessible via the web.
Kaspersky says that only web interfaces protected with authentication are reachable this way, but software vulnerabilities in the devices let attackers get past that protection. As a result, they can use exploits to remotely install the ransomware Trojan and encrypt all data on the NAS-connected devices.
While these types of attacks were previously rare, 2019 has seen a steady increase in ransomware variants specifically targeting NAS devices.
“This trend is unlikely to fade, as this attack vector proves to be very profitable for the attackers, especially due to the users being completely unprepared for them as they consider this technology highly reliable,” Fedor Sinitsyn, a security researcher at Kaspersky, said in a press statement.
Sinitsyn notes that most people are not aware that their NAS devices can be targeted.
“NAS devices are usually purchased as complete and secure products, which as it turns out is not the case. Consumers and especially business users need to therefore remain cautious when protecting their data,” Sinitsyn adds.
How to reduce the risk of NAS ransomware
Kaspersky has offered a few pieces of advice to businesses and consumers who want to protect their NAS devices from ransomware.
Their tips include:
- Always keep your operating system up to date
- Use security software that has specialised ransomware protection included
- Store fresh backups of your files on both physical devices and in the cloud so you have ways to recover them if your primary device or network is attacked
- If you do experience a ransomware attack, first find out if a decryptor can help recover your data. You can use Kaspersky’s No Ransom Tool to find available decryption tools.