Some Synology users are being targeted with ransomware attacks that exploit a flaw in DSM, the software used to manage Synology DiskStation devices. Not all users are affected: the flaw was fixed in December 2013, and that fix is part of DSM updates, including all versions 5.0 and later as well as DSM 4.3-3827 and DSM 4.2-3243.
This attack, called SynoLocker, involves someone gaining access to a user's device and encrypting it, then demanding payment of 0.6 bitcoin (about US $350) in exchange for the decryption key. I contacted Synology for more information about how best to prevent this issue. I received the instructions below:
Launch DSM, then go to Control Panel > DSM Update > Download and update.
It's under 'System' all the way to the right.
If you prefer to do it by hand, you can download the latest version from Synology's Download Center.
Here's what the update prompt looks like.
After I spoke with Synology, a press release was posted with more information about the issue. Please note, if you've already been attacked by SynoLocker, this will not decrypt your data. This is a preventative measure designed to protect you from such attacks. If you've already fallen victim to SynoLocker, please contact Synology directly before doing anything else.
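If you manage several DiskStations, the following Python script (an added example, not part of the original article or Synology's instructions) classifies DSM version strings against the fixed releases named above. It assumes that later builds within the 4.2 and 4.3 branches also carry the fix, and it reports branches the article does not name as "unlisted" instead of guessing; the hostnames and version strings are constructed sample data.

```python
import re

# Fixed builds per DSM branch, as stated in the article.
# Assumption: any later build in the same branch also contains the fix.
FIXED_BUILDS = {(4, 2): 3243, (4, 3): 3827}
FIRST_FIXED_MAJOR = 5  # "all versions 5.0 and later"

# Matches "4.3-3827", "DSM 4.3-3827", "5.0-4493 Update 3", or "4.3" (no build).
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:-(\d+))?")


def classify(version):
    """Return 'fixed', 'update-needed', 'unlisted' or 'unparsed'."""
    match = VERSION_RE.search(version)
    if not match:
        return "unparsed"
    major, minor = int(match.group(1)), int(match.group(2))
    build = int(match.group(3)) if match.group(3) else None
    if major >= FIRST_FIXED_MAJOR:
        return "fixed"
    floor = FIXED_BUILDS.get((major, minor))
    if floor is None:
        # Branch not named in the article: check Synology's own guidance.
        return "unlisted"
    if build is None:
        # Branch is known but the build number is needed to decide.
        return "unparsed"
    return "fixed" if build >= floor else "update-needed"


def report(inventory):
    """Map each host to its status, sorted by host name."""
    return {host: classify(ver) for host, ver in sorted(inventory.items())}


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = {
    "nas-01": "DSM 5.0-4493 Update 3",
    "nas-02": "DSM 4.3-3810",
    "nas-03": "DSM 4.2-3243",
    "nas-04": "DSM 4.1-2668",
    "nas-05": "DSM 4.3",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```

Anything reported as "update-needed", "unlisted" or "unparsed" should be checked by hand in Control Panel > DSM Update.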