Case Study – NAS Drive Ransomware Recovery

The client that experienced this issue works with computers all the time, as they design products for new & developing businesses. They work in an office with around 8 members of staff. They also have our VPN solution, which enables their staff to work from home.

Their NAS (Network Attached Storage) drive, which held all their business files, had become infected with ransomware called Deadbolt, causing them to lose access to all their documents and be greeted with the following message:

Please Note: We do not recommend NAS drives as a business storage solution due to their security and reliability risks. We had previously advised the client on best practices, and they had unfortunately not been able to migrate to a more robust solution when this issue occurred.

We researched the Deadbolt ransomware that had affected the NAS drive and traced the cause to an old firmware version on the device, which had automatically opened a port on their router using UPnP (Universal Plug & Play). We logged into the router and disabled UPnP to prevent anything of this sort from reoccurring. We then made sure that they had a backup of the data. Fortunately, they did run a daily backup using a cloud solution. We then removed the ransomware from the device using a removal tool provided by the NAS vendor. Finally, we restored the data from the cloud backup onto the NAS drive, enabling it to function again malware-free.

We spoke with the client a few days later, as the data was set to take some time to restore. When we spoke, he said he appreciated how responsive we were in working on a solution to his problem. He also said that he liked the frequent updates that we gave him throughout the job until completion.