The Inquirer-Home

Synology 'investigating' Synlocker NAS drive ransomware

Users hit by ransomware advised to shutdown their systems
Wed Aug 06 2014, 10:33
malware virus security

SYNOLOGY HAS RESPONDED to reports that its NAS drives have been hit by a version of the Cryptolocker ransomware called "Synlocker."

Reports of Synlocker first emerged on Monday, and Synology has finally bucked up its ideas and released a statement about it.

A spokesperson for the company said on Wednesday, "We are fully dedicated to investigating this issue and possible solutions.

"Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0."

Synology added that should users encounter any odd behaviour from their NAS drive - such as a notification that says a fee is required to unlock data - they should shutdown their system and contact technical support. The firm also advises that users update to the DSM 5.0. 

Unlike most versions, Synolocker doesn't outright extort money, but rather masquerades as a courtesy to improve the security of the drive and goes on to brag about how strong its encryption is. 

It cites the multilayer lockdown that has been carried out on the drive's files, including RSA 2048-bit keys and 256-bit keys on a per file basis, all carried out on the remote server before being securely overwritten.

Alarm bells should start to ring when the decryption process requires the installation of the Tor web browser, the anonymisation service that allows users to enter websites that are located on the so-called "dark web".

At this point, the victim is asked to pay 0.6 bitcoins to retrieve their files, equivalent to around £209 at time of writing.

It is not clear at the moment what has caused the vulnerability and there has been no comment from Synology on the matter, but reports continue to come in from all over the world to the Synology user forums. Some users have speculated that the vulnerabilities exploited are in the Diskstation user interface itself.

Earlier this year, Synology launched two new rack-based Rackstation NAS units running Diskstation 4.3. It is believed that these are among the affected models.

Cryptolocker continues to evolve. In recent months as well as Windows, versions have started to appear on Android devices. In all case payment is required and does not always guarantee the safe release of files. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015