The problem:
My NAS server was attacked last week by the 0XXX ransomware virus, asking for a reward for my encrypted files.
My files were not very important and I still have physical copies of them on devices that are not connected to the network.
I also find it interesting to understand how the attack could be carried out, including knowing how to improve security without losing connectivity.
Important settings:
- The infected folder in question had SMB/CIFS enabled.
- The server can be accessed remotely if you have the IP or domain name.
- SSH is active.
- All default passwords have been replaced with strong and secure passwords.
Extra information:
- None of my PCs that could connect to the server were infected.
- Only the shared folder on the NAS was infected; the rest of the OS is fine.
- Anyway, I decided to delete the shared folder and format, and then I will re-enable the shared folder, run some test files and leave it like that for some time to see if the attack happens again after taking better security measures.
- As a matter of convenience, I would like to be able to continue accessing my server from abroad and be able to use SMB/CIFS on my local network.
You can ask me any question.