Cryptolocker deviation attacks Synology NAS devices

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Oct 23, 2012


A vile piece of malware, called Cryptolocker, has been going around the Internet for a while now, with new variants popping up from time to time in order to remain undetected. The malware works by scanning your mounted drives and quietly encrypting everything. Once finished, the victim receives a notice that the only way to decrypt the files is to pay a ransom for the key. If you don't pay, you will never be able to access your files anymore unless you have a backup that wasn't impacted by the malware.

Someone has taken the base Cryptolocker and found a way to automatically attack Synology devices. Several users have reported that data on their Synology devices are inaccessible. In addition, when accessing the admin console, users are greeted with a ransomware notice telling them to transfer 0.6 BitCoins ($350) for the key. According to a notice we received from Synology, this appears to only impact devices running DSM 4.3, but the company is investigating whether it impacts version 5.x as well or not.

Until Synology figures out exactly what the issue is, they're recommending the following:

A. Close all open ports for external access as soon as possible, and/or unplug your Disk/RackStation from your router

B. Update DSM to the latest version

C. Backup your data as soon as possible

D. Synology will provide further information as soon as it is available.

If your NAS has been infected:

A. Do not trust/ignore any email from unauthorized/non-genuine Synology email. Synology email always has the “synology.com” address suffix.

B. Do a hard shutdown of your Disk/RackStation to prevent any further issues. This entails a long-press of your unit’s power button, until a long beep has been heard. The unit will shut itself down safely from that point.

C. Contact Synology Support as soon as possible at http://www.synology.com/en-global/support/knowledge_base

This should also be a reminder to everyone on why backups are extremely important: It's far easier to restore from the backup than to deal with trying to pay the ransom. It's also important to note that ransomware like this can impact anybody's system regardless of operating system.

We'll be sure to keep everyone updated on any new developments as we hear them.

Source: Synology
 