Orbits IT

Synolocker – Cryptolocker that targets Synology NASs

This morning we were made aware of a new exploit that is in the wild. The exploit, known as Synolocker, appears to be a variant of the Cryptolocker ransomware. Synology NAS devices are being targeted; once a device is exploited, the data held on it is encrypted and a ransom note directs users to a hidden website on Tor (The Onion Router), where they are asked to pay 0.6 bitcoins for the encryption key.

Information on which devices and versions of the DSM operating system are vulnerable is scarce, but we recommend that external access to Synology NAS devices is turned off or, at the very least, that the standard ports are not used. Also ensure that your passwords are secure and that you have regular backups of your data.

Update at 16:54 – 04/08/2014

Synology have posted the following statement on their forum:

 

“We’d like to give you an update regarding SynoLocker, a ransomware affecting certain Synology servers. When trying to access DSM, it displays the message below, in addition to instructions for paying a fee to unlock your data:

“All important files on this NAS have been encrypted using strong cryptography”

What should you do?

If you are seeing this message when trying to login to DSM, please:

1. Power off your DiskStation immediately to avoid more files being encrypted
2. Contact our Support team so we can investigate further

If you are in doubt as to whether your DiskStation may be affected, please don’t hesitate to contact us at security@synology.com

We will keep you updated in this thread with any information we have to address this issue.”

 

 
