SYNOLOGY ISSUES STATEMENT ON “SYNOLOCKER” RANSOMWARE

Older versions of DSM to blame?

I’ve not seen this first hand, but apparently there’s a particularly nasty piece of ransomware doing the rounds that affects Synology Diskstation devices.

Ransomware is the term for malicious software that infects your system and then holds your files hostage (hence ransom), demanding payment in exchange for allowing you access to your files.

In this case, as with most, the ransomware encrypts the files on the hard disk, preventing you from accessing them. The problem is, even if you do pay (and why should you?), there’s no guarantee that you’ll get any of your files back; you are dealing with crooks after all.

Unfortunately, SynoLocker seems to find its way into Diskstations by exploiting a vulnerability in DSM 4.3 or earlier, so if you’re running anything other than the most recent version of DSM you could find yourself susceptible.

Synology had the following to say:

We’d like to provide a brief update regarding the recent ransomware called
“SynoLocker,” which is currently affecting certain Synology NAS servers. 
We are fully dedicated to investigating this issue and possible solutions.
Based on our current observations, this issue only affects Synology NAS
servers running some older versions of DSM (DSM 4.3-3810 or earlier), by
exploiting a security vulnerability that was fixed and patched in December,
2013. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users
encounter any of the below symptoms, we recommend they shut down their system
and contact our technical support team here:
https://myds.synology.com/support/support_form.php

• When attempting to log in to DSM, a screen appears informing users
that data has been encrypted and a fee is required to unlock data.
• A process called “synosync” is running in Resource Monitor.
• DSM 4.3-3810 or earlier is installed, but the system says the
latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we
highly recommend downloading and installing DSM 5.0, or any version below:

• For DSM 4.3, please install DSM 4.3-3827 or later
• For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
• For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also
manually download and install the latest version from our Download Center
here: http://www.synology.com/support/download.

If users notice any strange behaviour or suspect their Synology NAS server
has been affected by the above issue, we encourage them to contact us at
security@synology.com where a dedicated team will look into their case.

We sincerely apologise for any problems or inconvenience this issue has
caused our users. We will keep you updated with the latest information as we
address this issue.

Thank you.

Synology UK

If you experience any issues with your Diskstation, I’d suggest that you follow Synology’s advice and email them at: security@synology.com
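
As an added example (not code from Synology or from the original post), the Python sketch below applies the fixed-build thresholds and the “synosync” symptom from the statement to an inventory of NAS units. The function names, action labels and sample inventory are assumptions made for illustration; the build numbers in the inventory are constructed.

```python
import re

# Fixed builds per DSM branch, as listed in Synology's statement above.
FIXED = {
    (4, 3): (4, 3, 3827),
    (4, 2): (4, 2, 3243),
    (4, 1): (4, 2, 3243),  # 4.1 users are told to move to 4.2-3243 or later
    (4, 0): (4, 0, 2259),
}


def parse_dsm(version):
    """Turn 'DSM 4.3-3810' or '4.3-3810' into (major, minor, build)."""
    m = re.fullmatch(r"(?:DSM\s*)?(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version):
    v = parse_dsm(version)
    if v[0] >= 5:  # the statement reports no observation of the flaw in DSM 5.0
        return True
    target = FIXED.get(v[:2])  # branches not listed (older than 4.0) count as unpatched
    return target is not None and v >= target


def triage(version, processes=()):
    """Return an action label (hypothetical names) following the statement."""
    symptom = "synosync" in processes
    patched = is_patched(version)
    if symptom and not patched:
        return "SHUTDOWN_CONTACT_SUPPORT"
    if symptom:
        return "REPORT_TO_SECURITY_TEAM"
    return "OK" if patched else "UPDATE_DSM"


if __name__ == "__main__":
    # Constructed inventory: (host, DSM version, running process names).
    inventory = [
        ("nas-office", "DSM 4.3-3810", ["smbd", "synosync"]),
        ("nas-backup", "4.1-2668", ["smbd"]),
        ("nas-media", "4.3-3827", ["smbd"]),
        ("nas-lab", "5.0-4493", ["smbd"]),
    ]
    for host, version, procs in inventory:
        print(f"{host:12} {version:14} {triage(version, procs)}")
```

The third symptom in the statement (an old build that claims to be the latest in Control Panel > DSM Update) cannot be derived from a version string alone and still needs a manual check.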
