How safe is a NAS server against threats like WannaCry?

[steffeeh]

Like the title says, let's say I get a Synology NAS housing (or other) and add in a WD Red, no RAID config, and one use case scenario is that we only use this in our household, while the other is so the rest of our family living on their own also can access the NAS from outside the local network (haven't decided on which one yet) - would the data on the NAS still be safe in the event of a ransomware attack like the current one?

EDIT: The NAS will be used to create full image backups of computers, so no actual external storage there.

 

[The Paladin]

Well WD nas is not using windows, so in theory it should not be affected.

 

[steffeeh]

Well this time it was bound to Windows, but in a scenario with a ransomware not exploiting a security issue on a specific OS? Or worms in general?

 

[The Paladin]

to prevent people to access Data on a NAS, one must encrypt (as in a computer) the OS running the NAs, maybe it be Free NAS or other. the rule of worms /malware remains consistent for this to remain true. I am not saying it is not possible, I am saying less likely.

 

[steffeeh]

I actually forgot to mention that the NAS will be used to create full image backups of computers, so no actual external storage there.
Stupido me, I'll edit it in into the OP as well

 

[cmariotti]

The answers above are not completely comprehensive and don't touch on the realities at hand.

Firstly, the 'infection' is a program that runs in windows that systematically goes through your files and encrypts them... this type of system has been happening for years. Aside from the usual way of spreading itself, what is 'unique' is that it also scans your local network for devices that have a specific vulnerability (unpatched) and remotely infects those machines... this creates an army of devices on the local network if there are a lot of unpatched machines. This isn't fun when portable machines are involves (everyone comes into the office on Monday and someone is infected), etc...

Since most NAS systems run on non-windows stack, it is not possible for them to be infected by a windows program...

However, since a machine would have access to the data stored on the NAS (company file shares, etc..)... if that user has read/write access to files, those files are fare-game for being encrypted and held hostage... So if you have your backups or files shares on NAS, they can get encrypted and you are SOL... unless you have a not-accessible backup folder... and historical backups are stored there... Keep in mind, it might take days to just figure out you've been hit... so you need days worth of backups. Versioning systems would help, but you need to have lots over versions and the file system itself, can't be compromised.

It is a matter of time before they start getting more aggressive in this manner, so protect yourself now.

Way back in the day, machines would get viruses... isolated to a single machine. Then along came one that crawled networks shares... and instead of 'deleting' files (which you can undelete), it would over write the files with zero length size... effectively making it very, very hard (impossible at the time) to undo the damage... this is the same, but encrypting.

It's only a matter of time.

 

[steffeeh]

So you're saying that in an attack like this it's beneficial to have let a program automatically backup an image file of your entire system to the NAS without enabling read/write access to the user, rather than to manually drag and drop your files using a file browser (i.e read/write access)?
Because this is what I intend to do with my NAS - no external storage, just pure full system backups in case of machine failure or file system corruption on a computer. So no one will be able or allowed to browse the NAS and copy photos to it manually.

Can a RAID 1 configuration help with this? Obviously the mirror drive would mirror the new encryption caused by the ransomware, but perhaps it's possible to head into the RAID config and set it up so the mirroring is delayed by perhaps a few days? In that case one drive could get infected, but the other one would still be clean for a few days... if this is possible?