SynoLocker Ransomware encrypting Synology NAS Devices A warning to all Synology owners, there is a new ransomware which is active and encrypting files on your Nas Storage Device. The ransomware is called “SynoLocker” (example below) As you can see you can regain your encrypted data by paying a fee to the cyber criminals, so if you’re a victim of SynoLocker and ask to pay approx $400 USD
or whatever the price there asking you to pay to release you from this ransom, you should never pay. The more people pay the more they will keep creating these nasty encrypting ransomware. If there is no money to be made from ransomware they will give up and stop making these type of malware infections.
This type of infection can cripple a small business using Synology™ NAS network storage devices unless the business keep regular backups. “Synolocker” takes advantage of vulnerable and unpatched Synology storage devices that are connected to the Internet. The cyber criminals scan for internet address on Port 5000 once found a vulnerable target, its attacked by malicious code that encrypts files on that Nas Storage Device, which renders the Nas Storage date useless until they pay the ransom. (example below)
Victims must USD$400 in Bitcoin, I guess this is to hide they identity and makes it harder to track them down. Once paid your be given a decryption key via a TOR Hidden service website (example below)
Synology had the following to say:
[Update: 5/8/2014]
Hello Everyone,
We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.
Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.
For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shut down their system and contact our technical support team here: https://myds.synology.com/support/support_form.php.
-When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
-A process called “synosync” is running in Resource Monitor.
-DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.
For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:
-For DSM 4.3, please install DSM 4.3-3827 or later
-For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
-For DSM 4.0, please install DSM 4.0-2259 or later
DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: https://www.synology.com/support/download.
If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.
Apologies for any problems or inconvenience caused. We will keep you updated with latest information as we address this issue.
