Sign in with
Sign up | Sign in
Your question

Synology Diskstations Infected w/Ransomware Synolocker/Cryptolocker

Tags:
  • Malware
  • Bitcoins
  • Storage
  • Synology
  • Facebook
  • Devices
  • Port Forwarding
Last response: in Storage
Share
August 5, 2014 6:56:17 AM

Yesterday, 8/4/14, a number of websites, including a Synology's Facebook post, started reporting that some users Diskstations had been infected with ransomware calling itself "Synolocker". The Cryptolocker variant encrypts files on the Diskstation and holds them for a 0.6 Bitcoin (~$400) ransom.

Details have been scarce regarding the exact devices or firmwares infected. Synology is investigating how the ransomware infiltrated the devices now.

Users have been encouraged to disable port forwarding on their routers and disable the Quickconnect function. Extra steps could include disconnecting the Diskstation from the router entirely or shutting down the unit until a fix is released.

As an owner of a DS213+ for personal data storage, I'm a little disturbed at the lack of official response from Synology. I've disabled port forwarding and the quick connect function so I am unable to access my device remotely. I could understand people using Diskstations for business use would be rather frustrated with this situation. I hope Synology can provide more information and a resolution quickly.

More about : synology diskstations infected ransomware synolocker cryptolocker

a b G Storage
August 5, 2014 11:23:20 AM

? im guessing you don't actually have a question, if your afraid of ransomware install a very good anti virus with internet security. ei something that prevent you from browsing or downloading from known phising and ransomware site.
August 5, 2014 11:25:19 AM

What version DSM are you using? I have the DS212j and never had port forwarding enabled, never had the quick connect function enabled either...No problems here, but then again I never visit FB pages or shady websites...
Related resources
August 5, 2014 1:19:28 PM

qazzi said:
? im guessing you don't actually have a question, if your afraid of ransomware install a very good anti virus with internet security. ei something that prevent you from browsing or downloading from known phising and ransomware site.



Sorry, I wasn't looking for an answer. Posted this as an FYI since I haven't seen a whole lot of coverage regarding this issue. Thankfully I'm running the latest DSM (ver 5.0-4493) and was not personally affected by the ransomware. From what I've caught on other forum posts, it looks like older versions of DSM (ver 4.3-3810 or earlier) are the ones affected. I'm still going to keep the remote access functions disabled for a while until Synology officially confirms that the latest DSM is not affected.
August 5, 2014 1:25:37 PM

bunker6 said:
qazzi said:
? im guessing you don't actually have a question, if your afraid of ransomware install a very good anti virus with internet security. ei something that prevent you from browsing or downloading from known phising and ransomware site.



Sorry, I wasn't looking for an answer. Posted this as an FYI since I haven't seen a whole lot of coverage regarding this issue. Thankfully I'm running the latest DSM (ver 5.0-4493) and was not personally affected by the ransomware. From what I've caught on other forum posts, it looks like older versions of DSM (ver 4.3-3810 or earlier) are the ones affected. I'm still going to keep the remote access functions disabled for a while until Synology officially confirms that the latest DSM is not affected.


I'm running the latest DSM version myself, however, I don't access the NAS remotely anyway, I just use it inside of my local area network...
!