Security Advisor

Encrypting Ransomware Targeting Synology NAS Servers

Plus: Researchers create unlock key to reverse high-profile ransomware "CryptoLocker."

Taiwan-based storage hardware maker Synology is warning users about ransomware that is currently targeting Synology network attached storage (NAS) servers.

According to the company, the malware, named "Synlocker," has been exploiting a vulnerability in unpatched versions of the servers to remotely encrypt all data on the server using either RSA 2048-bit keys or 256-bit keys, depending on the file type. Once the data has been encrypted, the user is shown a screen saying that the data will be decrypted only after a fee (in Bitcoins) is paid to the malware operators. The hardware maker is currently investigating the incident after reports of the ransomware started to appear online earlier this week.

"We are fully dedicated to investigating this issue and possible solutions," said the company in a released statement. "Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013."

It's currently unknown how many Synology users have been hit with the Synlocker malware.

The company said that users who see any suspicious activity originating from their hardware should shut it down immediately and contact the Synology technical support team as soon as possible. It also said that upgrading to DSM 5.0 should protect users from the ransomware attack. In addition, those running unpatched versions are strongly advised to close the Synology NAS's ports 5000 or 5001 to the Internet to avoid attack.
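As an added example (not part of the original article and not Synology tooling), the advisory's two checks, a DSM build at or below 4.3-3810 and Internet exposure of ports 5000 or 5001, can be applied to a NAS inventory. The inventory records, host names and field names are constructed, and comparing versions by simple (major, minor, build) ordering is an assumption.

```python
import re

LAST_AFFECTED = (4, 3, 3810)   # advisory: "DSM 4.3-3810 or earlier"
DSM_WEB_PORTS = {5000, 5001}   # advisory: close these to the Internet

VERSION_RE = re.compile(r"^(?:DSM\s*)?(\d+)\.(\d+)(?:-(\d+))?$", re.IGNORECASE)

def parse_dsm(version):
    """Return (major, minor, build), or None if the string is unrecognised."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, build = m.groups()
    # A missing build number is read as 0, the conservative (older) reading.
    return (int(major), int(minor), int(build or 0))

def triage(device):
    """Map one inventory record to (action, exposed_ports)."""
    exposed = sorted(DSM_WEB_PORTS & set(device["internet_ports"]))
    parsed = parse_dsm(device["dsm"])
    if parsed is None:
        return ("verify-version", exposed)   # cannot rule the device out
    if parsed > LAST_AFFECTED:
        return ("patched", exposed)
    if exposed:
        return ("close-ports-and-upgrade", exposed)
    return ("upgrade", exposed)

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "nas-a.example", "dsm": "DSM 4.3-3810", "internet_ports": [5000, 5001]},
    {"host": "nas-b.example", "dsm": "DSM 4.3-3776", "internet_ports": []},
    {"host": "nas-c.example", "dsm": "DSM 5.0", "internet_ports": [5001]},
    {"host": "nas-d.example", "dsm": "unknown", "internet_ports": [5000]},
]

def report(inventory):
    """Return {host: (action, exposed_ports)} for every record."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, (action, ports) in report(INVENTORY).items():
        print(f"{host:15} {action:25} exposed={ports}")
```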

CryptoLocker Ransomware Gets Unlocked

This week's emergence of the Synlocker ransomware is reminiscent of another piece of malware that has operated by encrypting user files and demanding money to decrypt them. The "CryptoLocker" malware first appeared in 2013 and has used the same tactics to block an estimated 500,000 systems from accessing locally stored data.

Coincidentally, as one encrypting ransomware surfaces, CryptoLocker is put to rest. The malware, which used infected e-mail attachments to gain access to systems, was halted from spreading back in May thanks to a joint international law enforcement mission called "Operation Tovar." However, users who had not paid the ransom before the database was seized and those believed to be responsible were arrested in Russia were left unable to access their encrypted data.

Researchers from security firms FireEye and Fox-IT announced today that they had obtained the private decryption keys and have set up the Web site www.decryptcryptolocker.com to help those still locked out regain access to their data. Affected users are asked to provide an e-mail address and to upload the encrypted files. A decryption key will then be sent to the users to unlock all affected files on that system.

"We are excited to work with Fox-IT to offer a free resource that can help thousands of businesses affected by the spread of CryptoLocker over the last few months," said Darien Kindlund, director of threat intelligence, FireEye, in a press release. "No matter the type of cyber breach that a business is impacted by, it is our goal to resolve them and get organizations back to normal operations as quickly as possible."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
