
Steps to Secure Synology NAS Against Ransomware

It’s a good idea to have an Antivirus application on your server, but don’t rely on it for ransomware protection. Dong Ngo | Dong Knows Tech

If you don’t know what ransomware is, check out this post, or take my word for it: It’s really bad. Recently, a wave of attacks has left Synology NAS servers susceptible to ransomware, which has caused a lot of concern. Not only are Synology NAS servers popular — I’m a fan myself — they are also among the best ways to protect your data in the first place. They indeed are, but only when they are safe themselves.

This post will walk you through the steps of securing your Synology NAS against attacks.

How ransomware attacks Synology NAS servers

To keep your server safe, you need to know what makes it vulnerable. As far as I know, there has been no security vulnerability. In other words, when appropriately configured, your server is secure.

So far, hackers have gained access to some servers via brute force attacks — they keep guessing usernames and passwords until they get a combination that works. It’s like trying a ton of keys on a lock, one by one, until one fits.

Unlike lock picking, though, hackers can use software to try hundreds, if not thousands, of combinations per second. They can run through an entire dictionary during an attack. It’s quite annoying. The good news is it’s relatively easy to fight against this type of break-in attempt.

How to keep your Synology NAS ransomware free

Generally, it’s always a good idea to keep your server up-to-date with the latest OS version. Also, install an antivirus package, such as the Antivirus Essential, which is free.

After that, there are two more things you should do: practice secure user account management and enable auto-blocking.

Using strong password rules is an excellent way to keep your NAS server safe. Dong Ngo | Dong Knows Tech

Synology NAS ransomware protection: Secure user accounts

Here is what you should do with the user accounts:

  • Disable the default admin account since everyone knows this account exists. Make sure you create another account and add it to the administrator group first.
  • Use multiple words for a username. For example, instead of “Dong,” use “Dong Ngo.”
  • Use a hard-to-guess password. You don’t need to use an overly complex one you can’t remember yourself. For example, “MyName1sD0^ng” is a tough password to guess yet quite easy to remember, for me at least.

In a Synology server, you can enforce strong passwords by using password rules. Here’s how:

  1. Log in to the server’s interface and open Control Panel.
  2. Open User and then the Advanced tab.
  3. Check the Apply password strength rules box, then check more boxes underneath accordingly.
  4. Click on Apply.

Synology NAS ransomware protection: Auto-blocking

Auto-blocking is an excellent way to fight against brute force attacks. It enables the server to automatically block an attacker’s IP address after a certain number of wrong guesses take place within a specified period.

Synology NAS ransomware protection: Enable the server’s Auto Block. Dong Ngo | Dong Knows Tech

Here’s how to enable Auto-blocking on a Synology NAS server:

  1. Log in to the server’s interface and open Control Panel.
  2. Go to Security and then the Account tab.
  3. Under Auto Block, check the box that reads Enable auto block
  4. Specify the parameters. Generally, fewer login attempts within a more extended period mean better protection. For example, the settings of 5 attempts within 5 minutes are more than enough to block brute-force attacks.
  5. Enable Block expiration if need be. If you don’t, the IP will be blocked until you manually unblock it.
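
To see how the Auto Block parameters in step 4 and the Block expiration choice in step 5 play out, here is an added example (not from the original post, and not Synology's code) that replays a constructed list of failed logins through a simplified model of the rule. The IP addresses, the timings, the 20-second expiration (scaled down so the effect shows in a short sample) and the `simulate` function are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed failed-login events (timestamp, source IP); not real DSM log output."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    fast = [(t0 + timedelta(seconds=2 * i), "203.0.113.10") for i in range(30)]
    slow = [(t0 + timedelta(seconds=50 * i), "198.51.100.7") for i in range(30)]
    typo = [(t0 + timedelta(seconds=20 * i), "192.0.2.25") for i in range(3)]
    return sorted(fast + slow + typo)

def simulate(events, max_attempts, within, expiration=None):
    """Simplified auto-block model (an assumption, not Synology's implementation).

    Returns ({ip: failed logins the server evaluated}, set of IPs that were blocked).
    expiration=None means a block stays until an admin removes it.
    """
    recent = defaultdict(deque)   # per-IP timestamps of failures inside the window
    blocked_until = {}            # ip -> time the current block ends
    evaluated = defaultdict(int)
    blocked = set()
    for ts, ip in events:
        if ip in blocked_until and ts < blocked_until[ip]:
            continue              # source is blocked, so no guess is evaluated
        evaluated[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > within:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            blocked.add(ip)
            blocked_until[ip] = datetime.max if expiration is None else ts + expiration
            q.clear()
    return dict(evaluated), blocked

if __name__ == "__main__":
    settings = {
        "5 attempts / 5 min, no expiration": (5, timedelta(minutes=5), None),
        "5 attempts / 1 min, no expiration": (5, timedelta(minutes=1), None),
        "5 attempts / 5 min, 20 s expiration": (5, timedelta(minutes=5), timedelta(seconds=20)),
    }
    for name, (n, within, exp) in settings.items():
        evaluated, blocked = simulate(sample_events(), n, within, exp)
        print(name)
        for ip in sorted(evaluated):
            print(f"  {ip}: {evaluated[ip]} guesses evaluated, blocked={ip in blocked}")
```

With the 5-minute window, both guessing sources are cut off after five failures while the user who mistyped three times is untouched. Shrinking the window to 1 minute lets the slower source go unblocked, and a short expiration lets a blocked source resume guessing.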

And that’s it. Your server is now safe as long as you keep your password secure. By the way, there are more settings in the Security section that you can try applying. A bit of warning: some of them might make life difficult for yourself.


About the Author: Dong Ngo

Before Dong Knows Tech, I spent some 18 years testing and reviewing gadgets at Technology is my passion and I do know it. | Follow me on Twitter, or Facebook!

