Multiple users of a popular Synology NAS are complaining that their NAS unit was infected with Ransomware, encrypting their data rendering it as inaccessible. The malware called Synolocker encrypts al... Synology NAS servers plagued by Ransomware
Bastards! Just put a pair of 6TB Reds in mine, luckily I've not put all my data back and still have the data backed up, plus I switched it off this morning so we'll check it when I get home and see if it was infected! Did Synology infect the latest DSM on purpose I wonder
Well, they are all offline now until we get some kind of clarification from Synology as to whether it is a security issue with an older DSM or a more current issue.
I checked mine when not online and all ok, but now powered down! Fcuking scumbags, someone ought to track em' down and film them being shot!!
this is so misleading its borderline hilarious. it isnt synology's fault that the user hasn't secured their system / NAS sufficiently. EDIT: just read up about their E-Z software that opens it up to takeovers... thats BAAAAAAAAAD! block the ports ladies and gents, plug them holes!
I'm not a miner so not sure about this, but since they ask for the BTC to be sent to an address in the 1st step, why not just trace it?
If there is a known security hole in Synology's software or firmware.....it is their fault..... They have a responsibility to patch any and all known security holes.
A**wipes, this is even worse than the recent mining "joke". This just a prime example of why the device config is sooo important. We've got a few customers who were also infected, luckily those were just "data storage", inmagine losing your backup and database... I hate working 12 hours +
I'd guess it's businesses they are really targetting but home users get caught as well. Not everyone is a Security Expert and knows how to lock down ports, configure firewall rules or generate/import SSL certificates, that's not the knowledge you'd expect your average home user to possess, so to blame the user entirely is a bit unfair. There needs to be more education, Synology has a few tutorials: Secure your NAS over the Internet Secure your NAS with HTTPS But, if you don't need to access your NAS via the internet then just don't use port forwarding, don't put a gateway IP in it and block access to all IP's except your local LAN. This POST may help too, although again you unfortunately need to understand what you are doing plus it's written when DSM4 was out but same can apply to DSM5.