NAS warning about ransomware

The last few years have seen a dramatic increase in Ransomware attacks on NAS devices. Deadbolt is one of the more recent that has targeted Qnap devices.
A good time for a reminder that NAS drives should not be opened to the internet, so make sure that uPnP is turned off at the router and NAS and that you are not forwarding ports that will expose your device.


I am sure my NAS is open to the public but when it comes to forwarding ports and protocols I a bit lost. I just plug everything in and by magic it all works.

My concern is I’ll fiddle about and do something and the NAS will be lost or blocked on my network.

Any more detailed guidance where I start and go about this would be most helpful thanks.

This might help. Disable unnecessary port forwarding | QNAP (UK)

1 Like

You do not need uPnP or port forwarding to access your NAS from home as you are within your lan. A far greater risk will be having all your files encrypted by an attack.

Hi Mike, If upnp is disabled then will my nds still work with minimserver, and will I still be able to watch photos and videos on my smart tv from the synology nas? I assumed both of these used upnp?

I never use any internet access on the nas outside of my home network (apart from firmware updates etc) so would really like to make the nas secure from external interference like hacking and ransomware. Does your above advice about disabling upnp still apply to me or should I leave it as it is?


1 Like

Thanks, just wanted to clarify as I didn’t want to upset my home network, as when it all works ok I’m thrilled with it, but when something messes up I usually end up tearing my hair out as my knowledge with this stuff is quite limited. Looks like its worth a try though, so thanks.

Im on dsm6 and can’t find Network centre either. Ive looked in network but can’t find the options mentioned?

As far as I can recall there has never been a thing called ‘Network Centre’??

OK OK, hold this for DSM-7,
As I said above, I assumed its carried forward to DSM-7, its not or whatever its done differently. big apologies
I will go look-see

It’s all changed,
I think we should scrap/delete all the Synology related posts, I’ve done so with mine.
I still block all network UPnP access with my broadband hub

1 Like

Mike sorry to be dense - but would you be so kind if you have few minutes to run through how you do this - thanks.

1 Like

This article from QNAP describes what to do with their NAS devices:

Take Immediate Actions to Stop Your NAS from Exposing to the Internet, and Update QTS to the latest available version. Fight Against Ransomware Together | QNAP

By default the Security Councillor app is not installed so you’ll need to install it to check the relevant setting (it’s in the App Centre, under Security). All you need to do when installed is to run a scan and check for the value mentioned (see below).

Also by default the setting " The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP" is disabled so you won’t need to do anything unless you’ve changed it, or it’s been changed for you.

Hi Andy, how to this depends on your router (hub) brand, but I suspect whatever you have its all in there somewhere.

I have a BT Smart Hub 2.
The settings are all in the Advanced section of the BT Home Hub GUI
… UPnP off
… Extended UPnP Security off
I also have DMZ off, I believe this is the BT default setting due to security risks & the same applies to other brands.

1 Like



Oh yes indeed, to an external removable drive. This was originally done incase of a nas drive failure or lightning strike but now it will be good if my nas gets hijacked and held to ransom too.

My backup system:

1 Data with a main working copy on my PC:
Manual & Daily copy backup to NAS
Manual copy backup to 3rd drive in the PC

2 Data with main working copy on the NAS (mainly music):
Manual copy backup to 3rd drive in the PC

3 ALL data on NAS (including backup from PC):
Twice weekly automatic incremental backup to 2nd disk in the NAS

4 Occasional manual copy to off-site USB SSD.

N.B. the 2nd NAS drive is inaccessible from the PC.

If the NAS is disabled, by NAS malware, everything is on the PC and is inaccessible from the NAS.
If the PC is disabled, by PC malware, everything is on the 2nd drive of the NAS and is inaccessible from the PC.

Either way everything can be restored after a complete system wipe and rebasing of the affected system.

1 Like

Of course. Not sure the reason for the shouty question though.

I just thought it was the single most important thing that users should do to avoid ransomware and other failure issues. (or else I left the caps lock on).

1 Like

When I installed Security Councillor, it flagged up three apps as moderate security risks because they did not have valid digital signatures. Interestingly all were audio related: Asset, Twonky and Bubble UPnP, but not Minimserver. Not sure if this matters; hope not.


It should not matter as long as they came from their reputable sites.

I agree that a backup strategy is vital but the first step should be to minimise risk by keeping your device off the internet. That is why so many devices have been attacked.