Synolocker 0-Day Ransomware Puts NAS Files At Risk

Deathlizard (115856) writes "Have a Synology NAS? Is it accessible to the internet? If it is, You might want to take it offline for a while. Synolocker is a 0-day ransomware that once installed, will encrypt all of the NAS's files and hold them for ransom just like Cryptolocker does for windows PC's. The Virus is currently exploiting an unknown vulnerability to spread. Synology is investigating the issue."

This is how we learn

not to connect your NAS directly to the internet.

Re:This is how we learn

[ShaunC]

The useful thing about the cloud is that no-one knows what it actually is, so any company is free to call their product cloud-based without contest.

Reminds me of the quote about "big data" being like sex in high school. Nobody's really sure what it is, but everyone thinks that everyone else is doing it, so everyone says they're doing it, too.

Re:Nuke it from orbit, then restore from backups.

[Thanshin]

The deluxe edition comes with an eye-patch. They initially offered a parrot, but there where some shipment incidences*.

*: There's still some debate about the actual status of the parrots upon arrival. Synology insists on the parrots' being alive, but there have been customer reports on the parrots being: "passed on", "no more", "ceased", "expired and gone to meet it's maker", "a stiff", "Bereft of life", "resting in peace", among others.

Re:Nuke it from orbit, then restore from backups.

[Dutch+Gun]

My Synology NAS is my home-based business' file server, a local machine backup (for my development machine and my digital audio workstation), and a media server for my ripped DVDs and Blurays, although this third function is just a nice bonus for me. Synology NAS devices have a very handy cloud backup application as well, which I use to backup all my most critical files to Amazon S3 services. I hope most people made use of this, because if Cryptolocker has taught us anything, it's that you absolutely need offsite backups that are NOT connected to your network.

I bought it specifically because it makes it easy to set up a multi-tiered backup strategy like that - something that takes on new importance when you spend a few years writing code on your own dime. As a file server, it's fantastic for small operations. I had a drive begin to fail last year, and so had a chance to test out the hot-swapping / RAID rebuilding feature. Worked like a charm - was super simple and zero down-time.

Personally, I've never once considered opening up my NAS to the outside internet. That always seemed crazy risky to me - after all, a single software mistake, a buffer overrun in a protocol stack of some sort, and *poof*, there's direct access to your file server and all it's critical data. I guess sometimes being paranoid pays off, but it gives me no pleasure to say so.

Cheeky bastards

[CurryCamel]

From TFA: the message that pops up to the victims ends with:

Copyright 2014 SynoLocker(TM) All Rights Reserved.

I have a real hard time respecting that copyright...

Update from Synology-sec issue patched 12/2013

[bhoar]

Updated posted 8/5/2014 by Jeremie on the English language Synology Forum: [We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.]