Skip to main content

SynoLocker Ransomware Affecting Synology DiskStation

Last Update Date: 6 Aug 2014 20:50 Release Date: 6 Aug 2014 6847 Views

RISK: High Risk

TYPE: Attacks - Malware

TYPE: Malware

A recent ransomware called “SynoLocker”, which is currently affecting certain Synology NAS servers. 

 

Based on Synology current observations, this issue only affects Synology NAS servers running some older versions of DiskStation Manager (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, Synology has not observed this vulnerability in DSM 5.0.


Impact

  • Remote Code Execution

System / Technologies affected

  • DSM 4.3-3810 or earlier

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend users shut down the system and contact Synology's technical support team here: https://myds.synology.com/support/support_form.php.
    • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
    • A process called “synosync” is running in Resource Monitor.
    • DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.
  • For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:
    • For DSM 4.3, please install DSM 4.3-3827 or later
    • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
    • For DSM 4.0, please install DSM 4.0-2259 or later
  • DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here:
    http://www.synology.com/support/download.
  • If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, Synology encourage users to contact at [email protected].

Vulnerability Identifier

  • No CVE information is available

Source


Related Link