Samenvatting

The present study examines the impact of ransomware against Network Attached Storage (NAS) devices. NAS devices are external hard drives which are usually easily accessible through the internet. Between 2019 and 2022, 434 ransomware attacks were reported to the Dutch Police, of which 78 (18%) were against NAS devices. These attacks targeted both companies as individuals. One limitation of this sample is possible low willingness to report to the Police. The aim of the present study is to compare NAS attacks with regular attacks. Our findings show that, compared to regular ransomware attacks, NAS ransomware typically targets individual citizens instead of organizations, requests relatively low amounts of ransom, and the attack is carried out in a more automatic fashion. Furthermore, attack campaigns seem to correlate with the publication of certain vulnerabilities of NAS devices.
We present recommendations for users of NAS devices, companies who sell NAS devices and local government agencies, to minimize the risk and impact of NAS ransomware attacks among citizens. First, updating the NAS software seems the most important step a user could take to prevent NAS ransomware. NAS vendors should inform clients of the risks of falling victim of NAS malware, including ransomware. Local government agencies could take a more generalized approach where they advise citizens to think about safe data-storage. Our study is, to the best of our knowledge, the first to pay attention to NAS ransomware. Although the financial impact of an attack on an individual is relatively low compared to an attack against an organization, the loss of personal pictures and videos can be very painful for victims and therefore we think it is important to address NAS ransomware in the public debate.