Ransomware crooks hit Synology NAS devices with brute-force password attacks

L0ckJaw

Level 19
Thread author
Verified
Content Creator
Well-known
Feb 17, 2018
870
Taiwan-headquartered storage vendor Synology is warning users to strengthen the passwords to their network attached storage (NAS) after several devices — capable of storing terabytes of data — were encrypted by ransomware.
NAS units used by home and small-business users are a juicy target for ransomware attackers, who know they're packed with valuable data, including backups of primary systems. In 2014, ransomware crooks hit thousands of Synology Diskstation devices by exploiting a flaw in the company's Linux-based DiskStation Manager that users hadn't patched. The attackers demanded 0.06 Bitcoin, then worth around $350, to regain access to files.
Synology is now warning its NAS device users that attackers recently stole device admin credentials using brute-force, or so-called dictionary attacks, where the attacker throws thousands of password combinations at a login interface.
As reported earlier this month, ransomware attackers have been targeting internet-facing NAS devices from a variety of vendors using the same methods.
Those attacks targeted NAS devices from Taiwanese vendor QNAP and delivered ransomware known as eCh0raix. But, in late July, there was a spate of reports from Synology users in an online forum that Synology devices were being encrypted with ransomware asking, once again, for 0.06 Bitcoin, now worth $583.

"We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP," said Ken Lee, manager of Synology's security incident response team.

"After collecting admin account passwords with brute-force attacks, the attack was launched on July 19 and caught users off guard. We therefore informed TWCERT/CC and CERT/CC immediately of this matter in hopes of accelerating the collaborative efforts to resolve this incident."
The firm is recommending customers use Synology's network and account management settings to prevent the internet-based attacks. This includes enabling the firewall in the Control Panel and only allowing public ports for essential services, as well as enabling two-step verification.
According to a person who claimed to be from Russian antivirus firm Dr. Web, there's no tool available to decrypt files encrypted with eCh0raix.
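The article notes that the guesses came from botnet addresses, so a per-IP failure limit alone can miss this pattern. The following is an added example, not from the article or from Synology, of a per-account check over failed-login lines; the log format, function names, thresholds and sample data are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format and sample data (not Synology's real log layout).
LINE = re.compile(r"^(\S+) login_failed user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, user, source_ip) for each failed-login line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ"), m[2], m[3]

def per_ip_offenders(lines, limit=5):
    """Classic auto-block view: source IPs with at least `limit` failures."""
    counts = defaultdict(int)
    for _, _, src in parse(lines):
        counts[src] += 1
    return {ip for ip, n in counts.items() if n >= limit}

def distributed_bruteforce(lines, window_s=600, min_failures=8, min_sources=4):
    """Accounts with many failures from many sources inside one time window."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, src)
    flagged = {}
    for ts, user, src in sorted(parse(lines)):
        q = recent[user]
        q.append((ts, src))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()           # drop failures older than the window
        sources = {s for _, s in q}
        if len(q) >= min_failures and len(sources) >= min_sources:
            best = flagged.get(user, (0, 0))
            flagged[user] = max(best, (len(q), len(sources)))
    return flagged                # user -> (failures, distinct sources)

# Constructed sample: 6 addresses (documentation range), 2 guesses each
# against "admin" at 20 s intervals, plus one unrelated typo by "alice".
SAMPLE = [
    f"2024-01-01T03:{(i * 20) // 60:02d}:{(i * 20) % 60:02d}Z "
    f"login_failed user=admin src=203.0.113.{10 + i % 6}"
    for i in range(12)
] + ["2024-01-01T03:01:30Z login_failed user=alice src=198.51.100.7"]

if __name__ == "__main__":
    print("per-IP offenders:", per_ip_offenders(SAMPLE))
    print("distributed:", distributed_bruteforce(SAMPLE))
```

On the constructed sample no single address reaches the per-IP limit, while the per-account view flags `admin`. Such an alert complements the firewall and two-step verification settings the article recommends.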

 

L0ckJaw

Isn't there any 2-factor authentication available? I don't have a NAS so I don't know.
 
