Hello everyone! My name is Rowdy, and I’m a technical account manager with Synology. Thanks so much for joining us for this training session. Today, we're going to take a look at a topic that is top of mind for everyone in the IT industry. How to protect yourself and your business from the threat of ransomware. We're going to approach this training in three parts. First, we're going to take a look at the threat that
ransomware can pose to your organization, as well as the two major vectors by which
ransomware can make its way into your environment. After that, we'll take a look at the common
methods by which a hacker might try to infect your Synology device with ransomware, as
well as the preventative measures you can take to prevent your NAS from being invaded by
a nefarious hacker. Finally, we'll look at the different tools available that will help ensure your data is secure in the event that you do find yourself being in the worst-case scenario of being compromised by a ransomware hack. Let's start by taking a closer look at the phenomenon of ransomware and also look at the most common ways in which a ransomware hacker
will be able to gain access to your environment. It's no secret that ransomware is in the news on a near-daily basis, and the results are chilling. Ransomware was already a major problem leading up to 2020, but the shift to remote work within the last year has
only made the threat even more severe. Purplesec, a cybersecurity research firm based in Washington DC, estimates that the global cost of ransomware attacks nearly doubled from 11 and a half
billion dollars in 2019, up to a staggering 20 billion dollars in 2020. No one is safe from a ransomware threat. Fortune 500 companies, government agencies, educational institutions, and even healthcare providers have all bore immense costs from ransomware hacks. There is no reason to believe that your organization is completely safe from being attacked by a ransomware hacker in the near future. Ransomware is defined as malicious software that restricts access to data until demands are met. The standard process involves a hacker gaining access to your environment, and then encrypting all of your data. Effectively locking you out of your entire storage pool. They usually demand payment in the form of cryptocurrency in order to keep their identity anonymous. The scariest part is that even if you acquiesce to their demands and follow up with the payment, there is no guarantee that the hacker will hand the data back to you. And in a lot of cases, they might take the money and run without making good on their promise to give you the encryption key needed to
restore your organization back to normal. There are two common methods by which a hacker can hit your infrastructure with a ransomware attack. The first common method that a hacker might take advantage of are what are known as zero-day exploits. These are known weaknesses that they find within the software and deploy before the developers of that software have a chance to put out a patch or an update that resolves the issue. When this happens, hackers can target any user or organization that is running the version of the software that contains the anemic code. The other common passage to which a ransomware attack might take place is with a successful phishing attempt, in which deceived authorized users allow the hacker to access the environment by clicking a link, installing an app, or providing their credentials. The method by which users are targeted is usually done with what is known as a spray and pray dispersal. In which large numbers of organizations are solicited all at once in the hopes that at least one user from one of those organizations will fall for the craft and messaging. Needless to say, it is vital to ensure that you are consistently updating the software that you use to prevent a hacker from being able to take advantage of zero-day exploits, and to also train your users to recognize and quarantine suspected phishing attempts. Now that we understand the severity of ransomware attacks and the various methods by which they are carried out. Let's take a closer look at the steps you can take to ensure that your Synology NAS is protected from a nefarious actor who might be trying to steal the data that is vital to your organization's success. Synology's development team takes security very seriously and is working every day to improve the DSM operating system and ensure that there are no possible loopholes that a hacker might be able to use to gain access to your NAS environment. We also offer a bounty program for anyone who is able to find
and report vulnerabilities in our software. New software updates are released throughout the year both for DSM itself, as well as for the various packages that you can install in Package Center With that said, it is your responsibility as a user to make sure that you are installing updates as soon as they come in. You can see your current update settings by going to the Update & Restore section in Control Panel. You'll see there that you have the option to either automatically install updates as soon as they come in or to be notified
as soon as a new update for DSM has been released. It's up to you to choose the method that is most appropriate for your organization. With that said, if you choose to be notified when a new update is released. Then please, make sure to install that update at a time that is convenient for you and your organization as soon as possible. Even though the DSM operating system is robust, there are still
ways in which your NAS can be compromised by a nefarious actor. First, an authenticated user might unknowingly introduce an infection by compromising their credentials in some way. Possibly by a phishing exchange as was mentioned earlier. It's also possible that your infection might come from within a user of your own organization. A disgruntled employee with admin credentials of some form could deliberately compromise your system and lock you out of your data. Finally, there's always the classic method of a hack by brute force. If you don't have set up some limitation to the number of guesses that can be made for user accounts on your NAS. Robots can continuously ping the device with guesses as to what the admin credentials could be before landing on the password you've set for your account. Once successful. They can log in, change your password, and effectively lock you out of your entire system. It's not just the password, but the username itself. If you leave your account username as admin which is the default for an administrator account. That will increase the chances that a hacker will successfully guess both the username and the password combination and be able to gain access. There are several steps you can take to prevent your NAS from being compromised, First, it's important to make sure that the passwords you use are strong. With a lot of characters, numbers, and symbols. And not commonly used phrases that would be easy for a hacker to guess. Second, we strongly recommend implementing two-factor authentication. So that a login requires access to your smartphone, This significantly reduces the chances of a hacker gaining access without your knowledge as you'll probably be aware of where your smartphone is, and
have it available at all time. To counteract brute force attacks, we recommend setting up autoblock IP. This will recognize when an IP address is consistently trying and failing to log in with an incorrect password. Which is a common sign of a robot trying to identify your login credentials. Your NAS should have firewall rules enabled to prevent unauthorized logins, which you can configure in the Security section of Control Panel. Finally, we strongly recommend using DSM with an encrypted connection at all times. So that your actions within the operating system are not visible to external actors. All of the best practices I just mentioned are highlighted in the DSM security checklist webinar that we held in
October of 2020. So if you'd like to review any of these important steps that you should be taking to prevent your NAS from being compromised. Then please, watch the recording of that webinar that we have uploaded to our YouTube channel. So far, we've talked about the many ways in which you can make a hacker's life difficult by securing admin access to your NAS to only the qualified individuals who need it. With that said, the scary reality of ransomware is that no matter what preventative measures you take to prevent a nefarious actor from accessing
your environment. There will always exist the possibility of a worst-case scenario. If that does happen, and if you do find your data encrypted with the demand for a cash payment. Your last line of defense will be to restore your data from a backup. In this final section, we'll talk about the different tools you have available to develop a robust backup strategy. So that your data is in a safe location you'll be able to turn to in the event that a hacker is successful in locking you out of your NAS. When it comes to keeping your organization safe, there is no substitute for keeping a working copy of your data off-site. Using a Synology NAS as a target for off-site storage is an effective strategy to achieve this goal. We're now going to take a closer look at the following Synology applications that are essential for backing up your data and keeping it stored in a safe location. First, we'll take a look at our license-free Active Backup for Business software. Which you can use to backup PCs, servers, and VMs to the NAS itself. So that they can be restored in the event of a ransomware attack or some other disaster. After that, we'll look at how you can use Snapshot Replication to create read-only copies of your data, and then also send them to a remote NAS device offsite. Finally, we'll learn more about Hyper Backup, which you can use to create a true incremental backup of your data, and sent to a variety of different locations including public cloud repositories and external USB drives. One of the most popular applications in our entire software suite is Active Backup for Business, which allows you to back up PCs, servers, and VMs to your Synology NAS with no license or subscription fees required. Once backed up, you can actually boot these machines and run them on the NAS itself using Synology Virtual Machine Manager. This can be done not just with VM backups, but with pc and server backups as well. The backups you create in Active Backup are bare-metal images. So they capture the entire machine and can be restored on any other device with the appropriate recovery media. That said, even though these backups are bare metal images, you can still perform individual file level restoration on them as
well using the Active Backup for Business Portal. This way, you don't have to go through the process of restoring an entire backup to where it was at a certain point in time just to retrieve one or two files that might have been accidentally misplaced. The first step that we're going to do with Active Backup for Business, is we're actually going to go to the Synology website, and we're going to download the Active Backup for Business Agent onto the endpoint that we want to backup. If we go here to the support tab at the top of the website, we can click on the Download Center link and that's going to take us to the section where we can download software for a particular operating system. I’m going to select DS3617xs as the NAS that I’m looking software for because that is what I’m going to be backing up to. And we're going to go to Desktop Utilities, and scroll down until we see the Synology Active Backup for Business Agent software. I’m going to download that for Windows. And this process will take a couple of seconds here, as we get the file downloaded to the computer and begin the installation process. Now just to clarify, I am downloading this onto a Windows server that is Hyper-V VM. And we're going to be backing that up to my DS3617xs NAS unit. And you'll see here, it's going to bring up a license agreement for us to accept. We'll accept the terms of that and click next. And then we're just going to install from there. So it's going to take a couple of minutes to install the software onto the device that we're going to be backing up. Once that's done, we just click finish. And then now we can open up the software and begin the process of backing up this endpoint. Once you've downloaded the Active Backup for Business Agent onto the device that you want to backup. The next step is going to be connecting that device using the agent to the Synology NAS that you're going to be backing up to. So what we're going to do, is we're going to enter in the address of the particular NAS server, and then I’m also going to enter in my username and password
credentials. Once I do that I’ll click connect. And it's going to bring up a warning I’m going to say that I want to proceed anyway. And then it's going to bring up a final window confirming that this is the actual NAS I want to connect to. And then once that's done we can move on to actually creating the backup task in DSM. Now that we've connected an endpoint to the Synology
NAS, the next step is going to be creating a backup task with that device. We'll go to the Active Backup for Business software, and then you'll see here, if we go to the PC tab, that the endpoint we connected is listed as HYPER-VSERVER1. Now one of the great things about Active Backup for Business, is we can actually convert different device types from a PC to a server. So if I click on this and go to change device type, it's going to ask if I want to confirm to do this, and I’m going to click Yes. You'll see that's disappeared from my PC backups. But if I go over here to Physical Server backups, you'll see that same machine HYPER-VSERVER1 is listed there. So we're going to create a backup task of this PC backup as a Physical Server. We're going to start out by naming it as Ransomware Backup Demo and then click Next. Next, it's going to ask which shared folder on the NAS we want to send the backup to. We're going to send it to the Active Backup for Business folder for now. Then it's going to ask if we want to back up the entire device, or if we just want to backup specific volumes. We're going to do a bare-metal image backup in this demo. And next it's going to ask if we want to schedule these backups. So we can actually schedule these to be taken as often as every hour throughout the day. For this demo, we're just going to do a one-time manual backup. And then, we're going to say for our versioning policy that we want to keep all versions. However, if we wanted to implement some kind of grandfather
father son policy, we could do that here as well. And then once we've gotten through all that, we're going to say that we want to back up now. And then that backup process will proceed in the background. After a few minutes, you'll see that my backup task has been completed. You can see here, it says that the last backup was successful and it'll also tell me the time that that was completed. Now, one of the great things about Active Backup for Business, is we have our own self-restore portal that we can use to restore individual files and folders. If I click on the application, you'll see it's actually going to open up a completely new window for me to explore. If I go to the top right corner, there will be a number of different
servers and PCs that I can choose to restore from. I’m going to scroll down to the HYPER-VSERVER1 that we just backed up. And I’m going to say that I want to look at the files and folders there. From here, you'll see that I can see the folder itself, and then I can actually go in and I can choose to restore or download individual files and folders either back to where they were originally, or to the pc that I’m using right now. Now, let's say you have a particular VM in your environment that is critical for your business to run. And let's also say that your production server ends up failing One great thing that you can do with Active Backup for Business, is you can actually take that VM backup and run it on the Synology itself. If we go to Restore, we can select Instant Restore to Synology Virtual Machine Manager. This is the hypervisor that is built into most business class Synology devices. I’m going to select the backup here that we want to run which is the backup that we made earlier. And then we're also going to choose the DS3617xs as the storage. The next screen is going to ask us how many CPUs and how much RAM we want to assign to this particular VM. I’m going to assign it 2 CPUs and 4 gigs of memory. And then it's also going to ask us to name it so we're going to
name this one Ransomware Backup VMM Restore After that, we're going to say that it's 40 gigs of storage space that we're going to need, and we're also going to choose for the network to be the default VM network, so we'll leave it at that. There are some other settings here we can adjust, we're going to leave them as the default for now. And we're actually going to give restoration privileges to some of the users on my NAS, in case they want to boot this up as well. Once all that's done I’m going to click apply. And then, you'll see that Synology Virtual Machine Manager will open up in a separate window. You'll see here is the particular backup and it's in the process of being restored. And just like that, after a few seconds, it's already restored and ready to be booted up. We're gonna power on that particular virtual machine, and you'll see here it's preparing. And just like that, after a few seconds, it's booted up, ready to
go, and we're running that VM on the NAS itself. Now that we know how to backup the endpoints in our network to our Synology NAS. Let's take a look at the 2 ways in which we can send the data on our NAS to an offsite location. When it comes to securing NAS data offsite, your best protection against ransomware is snapshots. A snapshot is a read-only copy of your data reflecting what the data looked like at the time that the snapshot was taken. Because these are read-only copies, they cannot be changed. Which is why they are your best defense against ransomware hackers who might attempt to encrypt your data in the hopes of making it unusable to you. With Snapshot Replication software in DSM, you can not only take snapshots of your NAS data, but you can also replicate that data to a remote NAS device. In the event that your primary system is compromised by a ransomware hack. All you will need to do is fail over the data on the remote system, and you'll be able to restore it on the remote site back to its former status. Let's now demonstrate the usefulness of snapshots by re-enacting a scenario where all of my data is encrypted by a hacker with a demand for a cash payment. Here in DSM, I have a shared folder that's called Critical Business Documents. And if we actually go over here to Snapshot Replication. You'll see that I see that same folder here as well, Critical Business Documents. So there's several files here that are really important that I will need in the event of a disaster. We go here to Snapshots, and select Take a Snapshot. We can name this particular snapshot Ransomware Encryption Demo. And then we're going to click Next. It's going to take a few seconds for that to process. But once it's done, we can go back up to the Snapshot and select Snapshot List. You'll see here is that particular snapshot that we just took. Now what we can do is we can actually schedule snapshots for a folder as well, you don't have to just take them manually. In fact, you can schedule snapshots to be taken as often as every 5 minutes. But you can also schedule them for different intervals throughout the day. In addition to that, you can set a retention policy for the snapshots if you so choose. You can choose a maximum number of snapshots that you want to retain. Or if you want, you can implement a grandfather-father-son policy by implementing different days for parts of the year for those snapshots to be taken out. If we go back here to the snapshot folder. Now, let's imagine what it would be like if this particular file that we saw earlier was encrypted. You'll see here I have mapped this network drive to my Windows File Explorer, and you'll see all the documents that we saw earlier. If I right-click on this, and I go to use a program called AXCrypt, I can actually encrypt all of these files. And in a few seconds, here you'll see right there all of those files are now encrypted. So they're not accessible to me, they're no longer word documents or Excel documents, they're all encrypted files. And if we go to my shared folder in DSM, you'll see that this change is reflected as well. These are all now .axx files, they're no longer PowerPoint documents or Excel documents. So, now that I’ve been encrypted, what can I do to get my files back to normal? We're going to head back to Snapshot Replication. And this time, we're going to go to the Recovery tab. You'll see there the Critical Business Document shared folder that we just took a snapshot of earlier. And if we click on it we'll see the snapshot here that we just took. I’m going to say that I want to restore to this snapshot, and then I’m going to click OK. It'll take just a few seconds here for that restoration process to take place. And then once that's done, we can go over here, into DSM, in the File Station, we can go back to that shared folder Critical Business Documents. And you'll see here, all of my files are now back to normal. Snapshots are very useful technology, but they do have limitations in that they are not able to back up your NAS's configuration settings, and they can only be sent remotely to another Synology device. Hyper Backup is another Synology application that can be used to backup your data, and send it to an offsite location. Unlike with snapshots, Hyper Backup supports the backup of your configuration settings in DSM. This includes users, groups, network settings, application data, and various other important parameters that you will not want to build from the ground up in the event that your primary NAS is compromised by ransomware. Hyper Backup also supports the individual restoration of files and folders, so you don't have to revert a backup entirely to its state at a given point in time if you accidentally misplace one or two files. Another key differentiator between this backup tool and Snapshot Replication is that Hyper Backup allows you to send your data to a public cloud repository including Synology's own C2 cloud storage service. Let's now take a closer look at Hyper Backup, and how we can use it to individually restore files and folders. If we go to the Hyper Backup application here, you'll see that I have a backup task called Critical Backup Recovery Files. If I click on this hourglass, this is what's called Hyper Backup explorer. And this is what I can use to actually explore this backup file at different points in time, and also look through all the files and folders. You'll see here I’ve backed up a server under a folder that's called Active Backup Data, and I’ve also backed up some critical files that I’ll need in the event of a worst-case scenario such as a disaster. You'll see here I can choose to restore those files back to where they were on the NAS. But I can also download them straight to my computer. And just like that, after a few seconds, if I click the download button that file will be on the PC that I’m using right now. Although there are a number of different cloud services that Hyper Backup integrates with. You might want to check out Synology C2, which is our own cloud storage service. You'll see here, if we go to the C2 console, that there is this backup that we looked at earlier called Critical Backup Recovery Files. If I click on this hourglass, I’ll be able to actually perform file-level restore in the cloud. So I’m not even in my Synology NAS right now. Another thing that's great about Synology C2 is that we do not charge any egress fees at all. So you can take as many files as you need from the cloud, and you won't be charged any fees for it. After a few seconds here, you'll see we have loaded up this particular backup file. And you'll see here's all the different files available. If I want to, I can choose to download one of these files straight to my computer to perform file-level restore by clicking this button over here And then after just a few seconds, that file will be downloaded straight to the PC that I’m using right now. Let's now demonstrate what it would look like if I was going to restore Hyper Backup data from a cloud service onto a remote NAS. If I open up Hyper Backup, you'll see here that we're on a completely different NAS than we were before. You can tell by the different tasks on the left-hand side. What I’m going to do is I’m going to go to the bottom left corner and click Restore Data. And then I’m going to choose to Restore from Existing Repositories. From here, we're going to select C2 cloud because that is where the data that I need to restore from is located. It's going to open up a new window, and from here we need to log in. I’m already logged in on this pc, so it's going to go straight to asking me for my permission to have this Synology NAS connect with my C2 account. I’m going to authorize that connection and then click Next. Then it's going to ask me what destination I want to select from, so this is which backup task in the cloud I want to choose. We're going to choose that Critical Backup Files document that we saw earlier. Next, the wizard is going to ask if we want to restore system configuration. So this would be things like users, groups, and other settings on the Synology NAS that perform this backup. I’m going to choose not to do that for now, but keep in mind that this is where you would be able to restore those settings. Then it's going to ask me which folder I want to restore. I’m also going to select which point and time I want to store from, which is a day earlier, and then I’m going to click Next. Once all that's done I’m going to click Apply, and then the restoration process will begin. After some time has passed, that restoration process will have been completed. So all of the backup files will have been pulled from C2 down
to this new NAS that I’m using as my off-site failover. If we go over here to File Station, you'll see here that that Shared Folder is now available. Along with all of the documents that I had in it, and also my Active Backup Data. Now let's say I want to restore my Active Backup Data as well. If I do, I need to open up Active Backup for Business on this new remote NAS. And I’m going to go to the storage tab on the left-hand side. I’m going to click on Active Backup for Business and click Relink. And then I’m going to choose that Critical Backup Files folder that we just brought down from C2. It's going to ask me to confirm, and then after that, it's just going to take a few seconds for the relinking process to take place. You'll see here that it's been successful, so if we go over to the Virtual Machine section in Active Backup for Business. You'll see that Hyperv-VServer1 is now available for us to restore. And in fact, we can actually go to the Restore tab and choose
to do an instant restore to Synology Virtual Machine Manager. So we can boot it up and run it on this particular NAS offsite. Let's review the different applications available in DSM that you can use to make sure your data is protected. Active Backup for Business is Synology's license-free backup software that lets you create bare-metal image backups, and store them on the NAS without having to worry about any license fees. By storing your endpoints on a Synology NAS, you'll have a safe means of restoring them if your organization gets hit with a ransomware attack. Snapshots are read-only copies of your data that can be scheduled to be taken at periodic intervals. You can also replicate them to an offsite location and then failover to them in the event that your primary site becomes victim to a ransomware intrusion. Finally, Hyper Backup is another means by which you can send your data offsite. Although this allows you to not only send it to a remote NAS device, but also to public cloud repositories including Synology's own C2 cloud storage offering. Let's take a minute to review everything that we've learned today. When we started out this presentation, we talked about the dangers of ransomware, and the two primary vectors by which a ransomware attack can be introduced: A zero-day exploits due to unpatched software or as a successful phishing attempt using social engineering techniques. After that, we looked at several best practices for securing your NAS to prevent hostile actors from breaking into your environment. We strongly recommend you take these actionable steps as soon as possible if they're not currently in place. So that you can ensure your NAS is never compromised by a hack. Finally, we looked at several important tools you can use to ensure that your data is in a safe location offsite. Active Backup for backing up endpoints such as PCs, servers, and VMs. Snapshots for creating read-only copies of your data. And Hyper Backup for creating a true incremental backup of your data and NAS configuration settings. Thank you so much for joining us today, to learn about the dangers of ransomware and the steps you can take to fight against it. By taking advantage of the tools built into your Synology device and designing a recovery plan for the event of a disaster. You are ensuring the long-term health of your organization by protecting your most indispensable resource, your data. Thanks again, and we look forward to seeing you in the next training.
I just got a DS420+ and have been a sponge the last week with user youtube videos... and now this. This is amazing. I am so glad I got rid of my buggy WD My Cloud and got a Synology. Just the community and educational opportunities so far have been amazing.
Got my 220+ in today - will be sure to take notes
Perfect guide for a new user.