How to Secure Your Synology NAS from Ransomware

Unfortunately, someransomwarehad infected the NAS and demanded payment to restore the data.

Here’s what you could do to secure your NAS.

You have several options to choose from to prevent attacks like this.

Tiny PC Hero

you might disable remote access altogether, allowing only local connections.

If you need remote access, you could set up aVPNto restrict access to your NAS.

If it’s possible for you to’t access your NAS remotely, then neither can a hacker.

The word Windows 11 with a map pin on the right and the default windows 11 wallpaper as background.

Most recent Synology NAS units include aQuickConnect feature.

QuickConnect takes care of the hard work for enabling remote features.

With the feature turned on, you don’t have to set up router port forwarding.

The Razer Blade 16 2025 gaming laptop sitting open on a desk.

To remove remote access through QuickConnect get in to your NAS interface.

kick off the control panel and tap on the “QuickConnect” option under Connectivity in the sidebar.

Uncheck “Enable Quick Connect” then click apply.

To disable port forwarding, you shouldlook up your router’s IP address and use it to sign in.

Then consult your router’s manual to find the port forwarding page (everyWi-Fi routermodel is different).

The manual will show you where to look for exiting port forwarding rules.

Synology Control panel showing QuickConnect and External Access options.

Turn off any port forwarding rules for the NAS unit.

But if you have to connect remotely, we recommend setting up avirtual private web connection(VPN).

With a VPN server installed, you won’t get into the NAS unit directly.

Synology Control panel with arrows pointing to QuickConnect, Enable QuickConnect, and Apply button.

Instead, you’ll be connecting to the router.

you’ve got the option to download a VPN server on your Synology NAS from the Package Center.

Just search for “vpn” and choose the install option under VPN Server.

Package Center with the VPN Server install showing.

If you’re using OpenVPN for your VPN, you’ll need a compatible VPN Client to access it.

We suggestOpenVPN Connect, which is available forWindows,macOS,iOS,Android, and evenLinux.

To secure remote access, you should log into the NAS, open Control Panel, then select Users.

OpenVPN settings in a Synology NAS

The default admin account is the first account ransomware usually attacks.

You should ensure that any users you created for the NAS have complicated passwords.

We recommend using apassword managerto help with that.

Control Panel password settings with most options checked.

You’ll find password configs in the Advanced tab of the User profiles in the Control Panel.

The default options will block an IP address from making another login attempt after ten failures in five minutes.

Finally, consider turning on your Synology firewall.

Control Panel Firewall settings , with Firewall enabled.

With a firewall enabled only services you specify as allowed in thefirewallwill be accessible from the internet.

You’ll find the firewall options in Control Panel > Security Firewall.

Data loss and ransomware encryption is always a possibility with a NAS unit, even when you take precautions.