PROTECT YOUR FILES - How to Protect your Synology NAS from Ransomware / Crypto ATTACK \\ 4K TUTORIAL

Reddit Comments

Is there a tldr for this?

👍 36 · u/poldim · Jan 24 2021

Pretty sure it's called ransomware, not "random ware".

👍 49 · u/porkchop_d_clown · Jan 24 2021

Very informative and good quality, your time spent with the explanations was well worth.

👍 12 · u/netnetnetnetrunner · Jan 24 2021

I like this guy's videos.

But Snapshots don't completely defend against ransomware. Sometimes attackers steal users' data and upload it to a remote server. They then threaten to publish victims' photos etc. if the victim doesn't pay the ransom.

👍 5 · u/chaplin2 · Jan 24 2021

Great video! Thanks 👍

👍 3 · u/eivamu · Jan 24 2021

Amazing video, thanks

👍 3 · u/Top_Meringue_8400 · Jan 24 2021

Thanks for the great video!

He did other videos to harden your NAS:

How to Secure your Synology NAS https://youtu.be/qCULKjaLf08
How to Secure you Synology with Two Factor Authentication https://youtu.be/MBD7D_6MLtY

👍 3 · u/shinji2001xyz · Jan 25 2021

Thanks man

👍 2 · u/faratnight · Jan 24 2021

I followed all his steps but when I go to recover I find "Restore to this snapshot" greyed out. Anybody know why?

👍 2 · u/Evolved_1 · Jan 24 2021
Captions
All right, how's it going, y'all? Today we're talking about how to avoid getting your NAS cryptoed, basically how to avoid getting ransomware, where basically an attacker comes in, encrypts all of your files and says, "Hey, you've got to send me 300 with a bitcoin to decrypt your files." This is a really common attack and it's been happening more and more often recently. You basically get a note in your file system that says, "Hey, your NAS has been encrypted. If you want to get your data back, send me this money at this Bitcoin using Tor." And this is something, unfortunately, that nobody's been able to decrypt. That's the problem with encryption: it's really good. It is really easy to encrypt a file, and if you don't have the decryption key, you're not going to be able to decrypt that file unless you've got some very special circumstances, like what we're going to talk about today with DSM. So this tutorial is going to be done in DSM 7, but this will work exactly the same in DSM 6.

And so now let's talk about the really basically two different ways that your NAS is at risk. There's direct attacks and indirect attacks. A direct attack is basically somebody directly attacking your NAS, meaning they are searching the port 5000 on your router and being able to log in like that, or finding other vulnerabilities directly on your NAS. The second and most common method of attack is actually an indirect attack. Basically all the attacker has to do is get a computer on the network that has mounted an SMB share, or any other share of the Synology NAS, to get that infected. They then use that infected computer to encrypt every single file system they can find that's mounted. Basically this is the easiest way for attackers to do this. Getting a virus on a computer is so much easier than getting a virus on a NAS, because you're not running executable software for the most part on your Synology NAS. 99% of users are only going to be installing the Synology approved package center, and so there's very low risk of attack
there, though there is always risk of somebody brute forcing your way into your NAS. But the really easy thing for an attacker to do is get you to run an executable. That executable then has the ability to start encrypting files all over your computer that are not basically locked down. And so this is a really easy method for attackers to use because it's just so ubiquitous: all they have to do is get the software on one computer in the network and they can spread it however they'd like to and encrypt any network shares that this has access to. The good news is, while it is the most common, it is also the easiest to defeat with Synology NAS. We're going to talk about that in a minute here.

As for the direct attack, we're not going to be talking about that as much in this video. Really we're going to be focusing on that indirect attack, which is the most common. But I've already covered how to protect yourself from a direct attack, mostly with my Synology security video. That's all about locking down your ports, only opening up applications that you really need, and also having a good strong password with two-factor authentication. Then if you follow those steps in the security video, and I'll go ahead and leave a link to that in the description below, you should be pretty well protected from a direct attack. I'm not going to say it's perfect, because nothing in computer security is ever perfect. However, you're going to be very protected and I would not worry too, too much about a direct attack.

All right, so now we're going to talk about how we can pretty easily set up Synology to really protect ourselves from those indirect attacks. That's where a computer starts encrypting a bunch of files on the network via a network share. And you can protect yourself really well using Synology Btrfs and also making sure you have a separate admin account. So first off, let's talk about the admin account. Most users of Synology simply have one account. It's always an admin account, and they're always using it for
whatever they do, for SMB or whatever. They're always just connecting with that admin account. This means that if that account gets compromised, that account and whoever's compromised it will have total access over your NAS. They can delete all your backups, they can do anything they want to like that, assuming they're able to go into an internet browser and start attacking it like that. It is a little bit more difficult than just spidering through a network and finding any network shares and encrypting that, but they could pretty easily if they had those login credentials.

So what we're going to do is we're actually going to set up a separate admin account, and then we're only ever going to log into your NAS whenever you need to do something admin related with that admin account. You're never going to use SMB for it. You're only ever going to connect with SMB over your regular user account, and then when you need that permission upgrade for, like, configuring settings, all those wonderful things you're watching my tutorials for, you'll log in with that admin account. And this way the admin account is going to be a lot less likely to get compromised.

And the second thing we're going to do is we're really going to leverage the power of Btrfs and Btrfs snapshots. Unfortunately this does require your volume to support Btrfs, and your primary volume has to be Btrfs; it cannot be ext4. So if you've got that set up, you're either going to have to rebuild or just not be able to do this, though you could do a similar thing using Hyper Backup and constantly have backups. You should be backing up your NAS anyway, but I know a lot of people just don't have backups, and so that's why ransomware attacks are so effective: because it's their only source of the data.

All right, so basically what we're going to do with our Btrfs snapshots is we are going to have snapshots taken every hour or something like that, and these are very thin snapshots, so it's really not going to increase our storage that much. Then
we'll keep the snapshots for 30 or 90 days, depending on what you want to do, and then they'll be deleted. And so the only thing about that is, any files you delete off the NAS, you will not get that storage back for at least another 30 or 90 days, depending on what you set up. Though if you are doing a big old clean out and you know your data is all secure, what you can do is you can basically go, "Okay, I've cleaned out my NAS, I want that storage back, I'm now just going to empty out all those old snapshots," and so you'll get your storage immediately back doing that. But it is a bit more of a manual process, though the rest of this will be completely automated, and so you'll forget about it until the day you get cryptoed, and then you'll remember, "Oh yeah, I set something up about that."

All right, so now that we've had that overview of what we're going to be doing, let's go ahead and start it up. And so right now I'm going to go ahead and log in to DSM. Currently I'm on DSM 7, but that's OK, this will work exactly the same in DSM 6 as long as you've got Btrfs snapshots. And this is basically a brand new NAS. As you can see, I'm logging in with the account will, and I'm just going to enter the password, and we're just going to go into Control Panel and go into user and groups. So right now you can see there are three accounts and only one of them is real. The guest account and the admin account are disabled. You want to make sure both of these are disabled unless you really need a guest, but you should not ever enable this admin account. And then there's finally this real account, which is will, which is the admin and the only account on the system. And so this is probably what your setup looks like; almost everybody just has one account and it's admin. But instead what we're going to do is we're going to create a second admin account and we're going to remove the admin privileges from this current account. And so what we're going to do is we're going to go into create and we'll create an admin account. You
can do something like your name underscore admin for this. Though that username is guessable, I'd say it's still not too much of a thing to worry about. Just make sure your password is strong. And so you're going to want to make sure to have a very strong password here that is different from the password you are already using on the regular account, otherwise is all kind of renowned. And so we've just created this new account, and we're going to go into next and we're going to set him as an admin, yada yada yada yada, he'll have permission to anything anyway. And so now we're going to go ahead and log off and we're going to log into that new admin account. And so we're going to sign in with will underscore admin this time, and this way we're going to log in with that admin account we created. And so it's, "Hey, DSM 7." So this is our new account, and I'll close out all this new stuff, and it is once again an admin account.

Now what we're going to do is we're going to go into Control Panel, and what we're actually going to do is we are going to take away the admin privileges from our main account, and under user groups we're going to remove them from the admin group. And so now this will just be a basic user account. We'll want to go through and edit its permissions really quickly, just to make sure it still has read/write to all the shares you need it to have read/write to. But once you're done with that, you'll have basically set up your normal account that you've been using all the time as just a user account. And so that way you won't be able to configure special services in there, but you'll have to use this admin account for that. But it will be very secure, because even if somebody got that username and password, then they're just going to be able to edit files and things like that, but they will not be able to touch your backups; those are reserved just for admins. And so now that you've made sure you've got read/write to all the shares you need, we can go ahead and save this, and now we've just
downgraded that account to a user account. And so remember, this will, which is your primary user account, is the one you're going to be logging in all the time with, SMB and everything like that. Then this will admin, or whatever you call it, is going to be your admin account. You should only ever log in over DSM, basically directly into this web interface, and you should never log in with SMB unless you have a very specific reason to. I don't know of any that you would, so I would really not recommend doing that, because they have admin privileges then.

All right, so now we've got that more secure admin account, which is great, and so we're still logged in as the admin so we can start configuring some packages. We're now going to need to go into Package Center and we're going to need to download snapshots, and we are going to download Snapshot Replication services. Yours will not say "join beta" unless you're also on DSM 7 beta; once DSM 7 is released it'll obviously be a release version. And so I'm just going to install replication service. And so Snapshot Replication is really the key to how we're going to be doing Btrfs snapshots and really protecting our account from anything. It doesn't even have to be a crypto attack, honestly; it can just be a stupid delete or somebody accidentally corrupting a file, and you'll be able to roll back all those things. It's a really great setup, and the best part of it is that snapshots are ultra thin. That means they're not going to take up that much storage on your NAS, and so you can keep hundreds of them and it's not going to fill up your drive. They only store the deltas, which is really the power of Btrfs.

So now that that's installed, we're going to go ahead and open it, and so now what we can do is we can start setting up snapshots. So to do that we're going to go into snapshots and we're going to select each storage volume. Currently I only have this one shared folder, so I'm going to select it and click settings and I'm going to enable a snapshot schedule.
You've got a ton of different options here, so you can say run daily, weekends, weekdays. I'd recommend daily. And then frequency: we'll run this every hour, and so it'll basically run a snapshot every hour from midnight to 11, so basically every hour it'll take a snapshot. And then for retention, what we'll do is we'll enable a retention policy, and what we'll do is we'll have an advanced retention policy, and we'll set some rules here real quick. So we'll say we'll keep all snapshots for one day; that's just good, you'll have 24 snapshots. Keep the latest snapshot of the hour for 24 hours: we don't need that. Keep the latest snapshot of the day for seven days: you're definitely going to want that. And then keep the latest snapshot of the week for two weeks; that's not too bad, maybe four weeks. And then keep the latest snapshot of the month for, we'll say, three months. And then we won't have any yearly snapshots.

So basically what this is going to do is it's basically going to do a smart recycle, and so it's going to be deleting certain versions of files so they don't really stack up. For more protection, basically increase these numbers, but it will also mean your data will get larger if you're doing a lot of changes. What this is essentially going to allow us to do is, basically, for the last three months we'll be able to get all of our data back if somebody cryptoed it. 90 days is actually a pretty good idea, because cryptoing data can actually take a really long time, and so you're going to want access to these older files. And so in some ways maybe even we say we want a weekly version of everything for the past eight weeks, because remember these are pretty thin, and I'd say that's even more secure. It might take some digging to go through and find out, "Hey, this is when the file started getting cryptoed, this is a good version of this file, this file and this file," but the files will be there, which is by far the most important part of all of this. And so you can set this up, you can toggle these values some,
but it's really up to you. But I'm happy with this, so I'm going to go ahead and click OK. And so now under advanced we don't really have anything that we need. There is the snapshot visible, which can be really nice to have, and actually I'm going to go ahead and say yes, make snapshots visible. This way you don't have to log into your admin account to see these snapshots. Though if we are really going to make sure that the person cryptoing our NAS doesn't realize we have the ability to have snapshots, we can disable that. I'd still say it's worth it to have that, and so that way you can easily navigate to other snapshots. And if you do all this correctly, it doesn't matter if they know that snapshots exist on your NAS, because they're not going to have the ability to remove them, which is the really important part of all of this. And so now we just click OK and we're set. Gonna say OK.

All right, and so now we have snapshots running every hour, and so this is the meat to our entire thing. I'm gonna show you how this all works. So first off I'll just take a snapshot really quickly. So now I've just taken a snapshot, but now let's say I'm a bad person and now I want to go through and I'm cryptoing this NAS, or I'm going to change things. Basically there are all these great files that he's got; well, let's go ahead and delete them. Realistically they'd be in the recycling bin, but hey, we're just going to say they're deleted, or we can say that they're corrupted or anything like that. Basically these files no longer exist. This is actually going to take quite a while because I put two terabytes of data in here. I don't know I need to give all that data in there, but hey, we got it. And let's even go through and delete them out of the recycling bin, because we're admin, we can actually do that. And remember, this attack is most likely going to be happening on the SMB share, so it would be like if I mounted this share on my Mac and was starting to corrupt the files and encrypt the files. That's where this
attack is most likely to happen, and so that's where we're going to call it. Also, I am on my admin account right now, so I was able to delete the trash can. But one thing that does not end up in a trash can is a modification of a file. You don't have every single version of a file in the trash can because you changed a word in it; no, it only puts things in the trash can that are deletes. And so that's really why cryptoing a NAS is so powerful: because it doesn't end up in the recycling bin, it only ends up in this new file, and the only way to get that is to pay them. Or sometimes you can recover data if it's just been overwritten to another section of the hard drive, but generally they're pretty good about not letting that happen.

All right, and so now this is simulating what would happen if our NAS got cryptoed. Basically we'd go into main, we'd see that, hey, there's this text file in here that says "read me if you want your files back," and it basically says, "Hey, if you want your files back you've got to send me 300 with a bitcoin," and then all of your files will end in this dot encrypted file format. And so if that were to happen to you, and this is actually one step further, where the files were completely deleted, then you're going to be able to recover it. And there's two reasons why you're going to be able to recover it. One, because we set up Btrfs, and so that means that we're going to have these snapshots. And two, because of the way that Btrfs snapshots work. A snapshot actually counts towards space, because it's not really a backup but really a point in time that everything is stored with deltas afterwards. It doesn't mean that if you start running out of space it'll start deleting these snapshots, and so there's no way that the adversary could go, "Okay, well, I'll just fill up the drive, then remove a bunch of stuff so everything will be overwritten." Instead, what will happen is it will just act like your data is still there. And so if we go into Storage Manager for me right here, we will see that
even though I deleted all those files, I still have 1.8 terabytes of data in there. And so if I were to fill those up with those encrypted files, they would take up a lot of space, but the adversary would actually probably run out of storage on your NAS before your entire file system was encrypted, unless of course you had less than half your storage full. And so because they are just a regular user, they're not going to be able to do anything about this.

And so what you can do is, once you've figured out what computer has caused the virus, all you have to do is go back into snapshots, and so then you can go, "Okay, hey look, I'm going to recover my snapshot, I'm going to recover this one and I'm going to restore the snapshot." And I would highly recommend saying "take a snapshot before restoring" unless you're almost out of data. So what this does is, that way you can start going through and finding the deltas of files, of like, "Hey, this is a little too old, when he started encrypting, so I want this version of that file that was not encrypted." And so that way you can go back to that point and it won't just delete it. If you do not click this, that snapshot will just be gone forever, and so all the encrypted files will be gone together, but also some of that history might be gone too. So I would just be really slow and really careful and methodical when you are restoring from this, but your data is there, and that is the most important part. And so we're just going to click OK. You can see that there is now this new snapshot, and if we go back to my file system now and do a little refresh, it's just like nothing ever happened. All of my files are back now, and so we are good.

And so this is the perfect solution to those indirect attacks where somebody is encrypting your data and forcing you to pay the money, because what you can do is you can just go back and roll back any single version of a file. This is not just good for ransomware; it's also great for just stupid errors you make. Say you didn't like an
edit of a photo you put up, but you've only got this new version of it. Well, what you can do is you can go, "Hey, I've got snapshots, I'll go back two hours ago. Oh, that's what that file looked like," and just restore it in line like that. You can actually go through with a replication, and with recovery you can select one, and under action you can clone with a new name. You can literally just create a new shared folder and basically have two different shared folders that are the same folder, just from different times. And so now if we go back to File Station, boom, it's just like that, and so you don't even have to delete the first folder. Honestly I am incredibly impressed by how great snapshots are, and this is exactly how you can defeat an indirect ransomware attack.

All right, well, that's going to be it for this tutorial. I really hope this was helpful, and stay safe out there. I would really highly recommend watching my security video as well, because this is only half the battle, maybe a little bit more than that because it is the most common attack method, but there's so many other things, like which ports do you open up, how strong your passwords are, and two-factor authentication, that can really bring you the last little bit to really give you a very secure NAS. It's incredibly important because you're putting very important data on your NAS. Also, snapshots are not a backup, RAID is not a backup; the only backup is a backup. All right, well, that's it. Have a good one. Bye. [Music]
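
The retention rules set in the captions above (all snapshots for one day, daily for seven days, weekly for four weeks, monthly for three months), modelled in Python as an added example that is not from the video or from Synology. The bucket logic is a simplified assumption about how such a policy prunes, the hourly snapshot list is constructed, and all names are illustrative; it shows how old the newest clean restore point is depending on when encryption started.

```python
from datetime import datetime, timedelta

# Retention windows as set in the video (weekly taken as four weeks,
# "three months" approximated as 90 days). Names are illustrative.
KEEP_ALL = timedelta(days=1)
KEEP_DAILY = timedelta(days=7)
KEEP_WEEKLY = timedelta(weeks=4)
KEEP_MONTHLY = timedelta(days=90)


def hourly_snapshots(now, days):
    """Constructed input: one snapshot per hour for the last `days` days."""
    return [now - timedelta(hours=h) for h in range(days * 24 + 1)]


def retained(snapshots, now):
    """Snapshots that survive pruning under the simplified policy model."""
    keep = set()
    latest = {}  # (rule, calendar bucket) -> newest snapshot in that bucket
    for snap in snapshots:
        age = now - snap
        if age <= KEEP_ALL:
            keep.add(snap)
        buckets = []
        if age <= KEEP_DAILY:
            buckets.append(("day", snap.date()))
        if age <= KEEP_WEEKLY:
            buckets.append(("week", tuple(snap.isocalendar())[:2]))
        if age <= KEEP_MONTHLY:
            buckets.append(("month", (snap.year, snap.month)))
        for bucket in buckets:
            if bucket not in latest or snap > latest[bucket]:
                latest[bucket] = snap
    keep.update(latest.values())
    return sorted(keep)


def last_clean_restore_point(kept, encryption_start):
    """Newest retained snapshot taken before encryption began, else None."""
    clean = [snap for snap in kept if snap < encryption_start]
    return max(clean) if clean else None


def loss_window(kept, encryption_start):
    """Time between the clean restore point and the first encrypted write."""
    point = last_clean_restore_point(kept, encryption_start)
    return None if point is None else encryption_start - point


if __name__ == "__main__":
    now = datetime(2021, 1, 24, 12, 0)  # constructed "discovery" time
    kept = retained(hourly_snapshots(now, 120), now)
    print(f"{len(kept)} snapshots retained, oldest {kept[0]}")
    for days_ago in (0.5, 2, 10, 60, 100):
        start = now - timedelta(days=days_ago)
        print(f"encryption began {days_ago} days ago:",
              f"restore point {last_clean_restore_point(kept, start)},",
              f"loss window {loss_window(kept, start)}")
```

In this model, encryption that started 10 days before discovery falls back to a weekly snapshot, and anything that started more than 90 days earlier has no clean restore point left, which is where a separate backup matters.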
Info
Channel: SpaceRex
Views: 68,201
Id: uausl6HeFjg
Length: 21min 13sec (1273 seconds)
Published: Sun Jan 24 2021