RESET Forums (homeservershow.com)

Watch Out For SynoLocker


keeplearnin

Not sure if this has been 100 percent proven to be in the wild yet, but this is like Cryptolocker for your Synology. I believe it is being exploited over SSH or Telnet but still not sure. Also, the details as to what versions of DSM are affected are still sparse. I have one of these boxes at home and love it, but be careful, as the central part of your storage could all be encrypted without you knowing it. If you have this data moving somewhere else from your Synology, that will also be encrypted. I think the malicious individuals are asking for 0.6 bitcoin, which is about $350 USD. More info below.

 

http://www.cso.com.au/article/551527/synolocker_demands_0_6_bitcoin_decrypt_synology_nas_devices/

 

http://forum.synology.com/enu/viewtopic.php?f=3&t=88716

 

 

 

Dave

This should clear it up for you guys.

 

 

From Synology:

 

Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.

 

Here is the press release:

 

http://www.synology.com/en-us/company/news/article/470

 

 

 

Synology® Continues to Encourage Users to Update

 

Washington, Bellevue—August 5th, 2014—We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.

We are fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shutdown their system and contact our technical support team here: https://myds.synology.com/support/support_form.php:

  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • A process called “synosync” is running in Resource Monitor.
  • DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

 

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:

 

  • For DSM 4.3, please install DSM 4.3-3827 or later
  • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
  • For DSM 4.0, please install DSM 4.0-2259 or later

 

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.

If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.

We sincerely apologize for any problems or inconvenience this issue has caused our users. We will keep you updated with the latest information as we address this issue.

 



About Synology

Founded in April of 2000, Synology Inc. is a leader in next-generation Network Attached Storage (NAS) servers for the home and small to medium sized business markets. Specializing in both hardware and software for network attached storage devices; Synology products are feature-rich, easy-to-use, energy-efficient, reliable and affordable. All Synology product investments are enhanced with product warranties, free software upgrades and 24/7 online support. Visit http://www.synology.com for more information

Synology has a global presence with Subsidiaries in the US (Bellevue, Washington), and the UK (London, England), Germany (Düsseldorf), and Taiwan (Taipei).


Press Contact

Thadd Weil marketing.us@synology.com 
Synology America Corp.
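
For anyone with more than one box to check, here is the version and symptom guidance from the release above turned into a small triage script. This is an added example, not part of the original post and not Synology code; the inventory records, host names, field names and the 5.0 build number are constructed for illustration.

```python
import re

# Minimum fixed build per DSM branch, from the Synology release quoted above.
# DSM 4.1 has no fixed build of its own; the release points it at 4.2-3243.
FIXED = {(4, 0): (4, 0, 2259), (4, 1): (4, 2, 3243),
         (4, 2): (4, 2, 3243), (4, 3): (4, 3, 3827)}
VERSION_RE = re.compile(r"^(?:DSM\s*)?(\d+)\.(\d+)-(\d+)$", re.IGNORECASE)

def assess(version):
    """Return (status, target) for a version string such as 'DSM 4.3-3810'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("unparsed", None)
    major, minor, build = map(int, m.groups())
    if major >= 5:  # the release reports no observations on DSM 5.0
        return ("ok", None)
    fixed = FIXED.get((major, minor))
    if fixed is None:  # branch not named in the release: do not guess
        return ("not-covered", None)
    if (major, minor, build) >= fixed:
        return ("ok", None)
    return ("update", "DSM %d.%d-%d" % fixed)

def triage(host):
    """Apply the release's symptom list to one inventory record (a dict)."""
    status, target = assess(host["version"])
    symptoms = []
    if host.get("ransom_screen"):
        symptoms.append("ransom screen at DSM login")
    if "synosync" in host.get("processes", ()):
        symptoms.append("synosync process running")
    if status == "update" and host.get("panel_says_latest"):
        symptoms.append("DSM Update claims latest on an outdated build")
    # Assumption: escalate on any symptom, whatever the build. This is
    # stricter than the release, which scopes it to 4.3-3810 or earlier.
    if symptoms:
        return ("shut down, contact support", symptoms)
    if status == "update":
        return ("install " + target, [])
    return (status, [])

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"name": "nas-a", "version": "DSM 4.3-3810", "panel_says_latest": True},
    {"name": "nas-b", "version": "DSM 4.1-2668"},
    {"name": "nas-c", "version": "DSM 5.0-4493", "processes": ["smbd"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], *triage(h))
```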

keeplearnin

Awesome Dave thanks for circling back around on this. This definitely clears things up. Let me know if you ever want anyone to come on the show and talk home security, pfsense, untangle, port forwarding etc..
