Ransomware attacks targeting network-attached storage (NAS) devices have increased exponentially in recent months.
NAS systems, available for business purposes and home setups, are devices connected to a network to provide centralised storage capacity and data backup.
The number of ransomware strains targeting NAS and backup storage devices is growing, and users are still unprepared for the threat.
Ransomware comes in many different guises. This type of malware is popular with cybercriminals, who use it to attack businesses, critical services – including hospitals and utilities – and individuals.
Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to the locked content.
There’s no guarantee that paying will result in decryption, but many will do so rather than lose their files; and when critical systems such as those at government bodies or healthcare providers are locked, there’s additional pressure to return to normal operations as quickly as possible.
The average consumer will often come across ransomware deployed through phishing campaigns and fraudulent messages or bundled within illegitimate or compromised software. However, researchers say that network-attached storage (NAS) devices are now also under direct threat from malware operators.
The devices may be accessed directly through a network or may have a web interface. The problem is that user authentication can sometimes be bypassed because the software integrated into NAS systems contains vulnerabilities.
To begin an attack chain, operators will first scan a range of IP addresses to locate internet-accessible NAS devices. Next, they will attempt to exploit the devices' vulnerabilities and, if successful, deploy Trojans and begin encrypting the data of all the devices connected to the NAS unit.
Researchers cite WannaCry as the most popular type of ransomware used by cybercriminals, followed by Phny and Gandcrypt.