Synology NAS Products Hit with Synolock Ransomware

Synology NAS owners running older versions of the company's DiskStation Manager software are falling victim to a security flaw that lets attackers remotely lock them out of the files on their storage system and demand a ransom before unlocking the data. The attack, called SynoLock, encrypts files on victim's NAS devices, then demands .6 BitCoin (about US$350) in exchange for the decryption code.

Synology NAS systems hit with SynoLock ransomeware attackSynology NAS systems hit with SynoLock ransomeware attack

A company spokesman told The Mac Observer,

So far, it looks like the matter is localized to non-updated versions of [DiskStation Manager] 4.3, but we are actively working on, and researching the issue to see if it also effects DSM 5.0 as well.

Synology's advice to customers is to disconnect the NAS from their router or shut down external access. Users also need to update to the latest DSM software version and make sure they have a good data backup, too.

If your NAS has been hacked, Synology said it's best to perform a hard shutdown to avoid more problems, and contact the company for additional help through its Knowlegebase website. To perform a hard shutdown, press and hold the device's power button until you hear a long beep.

While attackers are demanding payment in BitCoin, this isn't a BitCoin-specific issue or threat. The attackers could ask for payment in any currency, but presumably chose BitCoin because it's more difficult to trace than traditional money transactions.

The company is currently working to learn more about the threat and said it will release new information when it is available.