Awareness Advocate On Ransomware Targeting NAS Systems

Researchers at Kaspersky have discovered a previously undetected encryption ransomware attack that targets network-attached storage systems. The ransomware findings were revealed in Kaspersky’s Q3 IT Threat Evolution Report.

Experts Comments

December 03, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Ideally NAS and other backup systems should be offline and especially not accessible through the internet. Any organisation with NAS devices should ensure they are kept fully patched and up to date to prevent criminals from being able to directly infect them, or use the NAS as a launchpad into the environment. Backups should be shipped to offsite locations frequently, so that even if onsite NAS is infected or fails, there is a safe copy from which data can be restored. Most ransomware is.....Read More
Ideally NAS and other backup systems should be offline and especially not accessible through the internet. Any organisation with NAS devices should ensure they are kept fully patched and up to date to prevent criminals from being able to directly infect them, or use the NAS as a launchpad into the environment. Backups should be shipped to offsite locations frequently, so that even if onsite NAS is infected or fails, there is a safe copy from which data can be restored. Most ransomware is successful either due to taking advantage of unpatched systems or through social engineering attacks. So organisations should take stock of their assets and ensure any publicly exposed ones are kept patched as well as ensuring all staff receive regular and up to date security awareness and training.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.