Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
MSI Clutch GM31 Lightweight​ (+Wireless) mice review
AMD Ryzen 9 7900 processor review
AMD Ryzen 7 7700 processor review
AMD Ryzen 5 7600 processor review

New Downloads
CPU-Z download v2.04
Intel ARC graphics Driver Download Version: 31.0.101.4090
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download
HWiNFO Download v7.36
MSI Afterburner 4.6.5 (Beta 4) Download


New Forum Topics
528.24 - Clean Version Amernime Zone AMD Software: Adrenalin / Pro Driver - Release Discovery 22.12.2 WHQL GeForce 528.24 WHQL driver download Export and Share curve OC profiles for MSI AB (suggestion) NVIDIA GeForce 528.24 WHQL driver download & Discussion 7900XT Increased post time Nvidia 528.34 driver Vulkan Intel Shares Fourth-Quarter and Full-Year 2022 Financial Results Resizable Bar working on intel's 3rd Gen Ivy Bridge from 2012 AMD Software: Adrenalin Edition 23.1.2 for AMD Radeon™ RX 7900 Series




Guru3D.com » News » Synology NAS servers plagued by Ransomware (updated)

Synology NAS servers plagued by Ransomware (updated)

by Hilbert Hagedoorn on: 08/06/2014 07:00 PM | source: | 13 comment(s)
Synology NAS servers plagued by Ransomware (updated)

Multiple users of the popular Synology NAS are complaining that their NAS unit was infected with Ransomware, encrypting their data rendering it as inaccessible. A new malware called Synolocker encrypts all files on the NAS server, if users want their data unlocked they will have to pay hundreds of Euros to retrieve their files.

End-users are complaining on the Synology forum that they can not access their data anymore and to unlock / decrypt the data again, they are forced to pay 0,6 Bitcoin (260 EURO) to regain access through a TOR hidden website. To this point it is unclear if in fact the end-users can access the data again after they paid. 

Synolocker seems to resemble CryptoLocker a lot, the dreaded ransomware that effected many user. Up-to this moment it is unclear how Synolocker installs itself, it could be through a leak in the user interface, hacked SSH or even FTP. Often it is the result not updating firmware in combination with exposing the NAS units to the world wide web. Rumored right now is that users effected have an old DSM for which heartbleed was not fixed. Others claim that the NAS'es infected all had EZ-Internet service enabled.

For now we would like to advice to take your Synology NAS offline until Synology releases an explanation, typically they are very fast with their fixes. But do not allow your NAS to be publicly reached over your router to the internet. Also make sure you have the latest firmware of your Synology NAS server installed.

Earlier this year Synology NAS systems have been abused to mine bitcoins and dogecoins. it is claimed that the attackers have been able to mine up-to half a million EURO. 

Update:

The issue is currently localized to NAS units running non-updated versions of DSM 4.3, but Synology is investigating if the hack works on DSM 5.0 as well.

Synology is urging users to take the following steps - close all ports for external (Internet) access, and unplug your NAS from your local network; and with your NAS plugged into just one machine, update DSM to the latest version; and back-up your data. If your NAS unit is infected, disconnect it from the network, perform a hard-shutdown, and contact Synology. The issue highlights one of the many dangers of a distributed currency, in which the beneficiary of funds is difficult to trace.

Here's an emergency statement from Synology (the company is preparing a press-release):

You may have heard by now that DSM is undergoing a CryptoLocker hack called SynoLocker – as of yesterday (08/03/14). It’s a BitCoin Mining hack that encrypts portions of data, and ransoms the decryption key for .6 BitCoin ($350). So far, it looks like the matter is localized to non-updated versions of DSM 4.3, but we are actively working on, and researching the issue to see if it also effects DSM 5.0 as well.

In the interim, we are asking people to take the following precautions:

A. Close all open ports for external access as soon as possible, and/or unplug your Disk/RackStation from your router
B. Update DSM to the latest version
C. Backup your data as soon as possible
D. Synology will provide further information as soon as it is available.

If your NAS has been infected:
A. Do not trust/ignore any email from unauthorized/non-genuine Synology email. Synology email always has the “synology.com” address suffix.
B. Do a hard shutdown of your Disk/RackStation to prevent any further issues. This entails a long-press of your unit’s power button, until a long beep has been heard. The unit will shut itself down safely from that point.
C. Contact Synology Support as soon as possible at, http://www.synology.com/en-global/support/knowledge_base

Update 2:

Synology has been investigating and working with users affected by a recent ransomware called "SynoLocker." Synology has confirmed the ransomware affects Synology NAS servers running older versions of DiskStation Manager, by exploiting a vulnerability that was fixed in December, 2013, at which time Synology released patched software and notified users to update via various channels.

Affected users may encounter the following symptoms:
  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • Abnormally high CPU usage or a running process called "synosync" (which can be checked at Main Menu > Resource Monitor).
  • DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.

For users who have encountered the above symptoms, please shutdown the system immediately to avoid more files from being encrypted and contact our technical support here. However, Synology is unable to decrypt files that have already been encrypted.
For other users who have not encountered the above symptoms, Synology strongly recommend downloading and installing DSM 5.0, or any version below:
  • DSM 4.3-3827 or later
  • DSM 4.2-3243 or later
  • DSM 4.0-2259 or later
  • DSM 3.x or earlier is not affected
Users can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.
Synology sincerely apologizes for any problems or inconvenience this issue has caused our users. As cybercrime proliferates and increasingly sophisticated malware evolves, Synology continues to devote resources to mitigate threats and is dedicated to providing users with reliable solutions.


Synology NAS servers plagued by Ransomware (updated) Synology NAS servers plagued by Ransomware (updated)




« BenQ XL2420G hybrid engine G-SYNC gaming monitor · Synology NAS servers plagued by Ransomware (updated) · Gigabyte Essence mITX Barebone »

Related Stories

Synology Outs their new DS415play 4-Bay NAS - 07/15/2014 04:45 PM
Synology is pleased to announce the DS415play, the four-bay follow-up to 2014's popular two-bay DS214play. As the second Synology NAS to support hardware video transcoding, the DS415play delivers ful...

Synology DiskStation DS414slim Consumer NAS - 05/27/2014 08:40 AM
Synology is pleased to announce the refresh of one of its most eye-catching DiskStations, the DS414slim. The slim is the smallest four-bay NAS to features the award winning DiskStation Manager 5.0 ope...

Synology RackStation RS814+ and RS814RP+ NAS - 01/15/2014 03:52 PM
Synology today announced RS814+ and RS814RP+, a scalable 1U 4-bay rackmount NAS server offering high-performance, expandable, and full-featured network attached storage solutions for small and medium-...

Synology DS214play NAS for Optimized for Multimedia - 10/22/2013 09:39 AM
Synology America Corp. is excited to announce its first media-centric DiskStation, the DS214play. The play is the first DiskStation to launch with dedicated hardware acceleration, specifically for vid...

Synology DiskStation DS214 2-Bay NAS Server - 10/18/2013 01:35 PM
Synology offers you their latest 2-bay NAS server, the DiskStation DS214. Designed for SMB & SOHO users, this compact NAS server is equipped with a 1.066GHz dual-core processor....


3 pages 1 2 3


Vtech
Senior Member



Posts: 134
Joined: 2009-02-12

#4887986 Posted on: 08/04/2014 03:28 PM
Regardless the money extortion they seem to be very cordial, lool.

BarryB
Senior Member



Posts: 1163
Joined: 2007-07-11

#4888000 Posted on: 08/04/2014 03:55 PM
Bastards! Just put a pair of 6TB Reds in mine, luckily I've not put all my data back and still have the data backed up, plus I switched it off this morning so we'll check it when I get home and see if it was infected! Did Synology infect the latest DSM on purpose I wonder :D

BangTail
Senior Member



Posts: 3568
Joined: 2006-10-15

#4888006 Posted on: 08/04/2014 04:02 PM
No issues on any of mine - I suspect this has something to do with old DSMs.

BarryB
Senior Member



Posts: 1163
Joined: 2007-07-11

#4888008 Posted on: 08/04/2014 04:04 PM
no issues on any of mine - i suspect this has something to do with old dsms.


yet!!!

BangTail
Senior Member



Posts: 3568
Joined: 2006-10-15

#4888019 Posted on: 08/04/2014 04:19 PM
Well, they are all offline now until we get some kind of clarification from Synology as to whether it is a security issue with an older DSM or a more current issue.

3 pages 1 2 3


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023