archstanton
Suspended / Banned
- Messages
- 281
- Name
- Malc
- Edit My Images
- Yes
Hi everyone, this is just a warning to Synology NAS users, there is a new variant of the cryptolocker type ransomware specifically targeting Synology NAS drives that are open to the internet. If your NAS is accessible from the internet on its admin ports it can be infected directly without your computer connected to it - the drive contents are encrypted and you only get the key if you pay the ransomers a few hundred quid.
http://www.anandtech.com/show/8337/synology-advises-users-of-synolocker-ransomware
I suspect if the drive is just as your backup you can just wipe the drive and recreate from your main copies of the files - but it's still a major pain in the a**e.
A quick snip from the above:
Update (08/05/2014):
Synology has finished analyzing the exploit and confirmed which versions of DSM are vulnerable. The vulnerability in question was patched out of DSM in December of 2013, so only servers running significantly out of date versions of DSM appear to be affected.
In summary, DSM 5.0 is not vulnerable. Meanwhile DSM 4.x versions that predate the vulnerability fix – anything prior to 4.3-3827, 4.2.3243, or 4.0-2259 – are vulnerable to SynoLocker. For those systems that are running out of date DSM versions and have not been infected, then updating to the latest DSM version should close the hole.
http://www.anandtech.com/show/8337/synology-advises-users-of-synolocker-ransomware
I suspect if the drive is just as your backup you can just wipe the drive and recreate from your main copies of the files - but it's still a major pain in the a**e.
A quick snip from the above:
Update (08/05/2014):
Synology has finished analyzing the exploit and confirmed which versions of DSM are vulnerable. The vulnerability in question was patched out of DSM in December of 2013, so only servers running significantly out of date versions of DSM appear to be affected.
In summary, DSM 5.0 is not vulnerable. Meanwhile DSM 4.x versions that predate the vulnerability fix – anything prior to 4.3-3827, 4.2.3243, or 4.0-2259 – are vulnerable to SynoLocker. For those systems that are running out of date DSM versions and have not been infected, then updating to the latest DSM version should close the hole.
