Ransomware attacks Synology NAS devices

"SynoLocker" malware infects through a vulnerability in older versions of their NAS software. The attack demands 0.6 BitCoins (about $350) to decrypt files.
Written by Larry Seltzer, Contributor

Synology has confirmed user reports that some of their Diskstation devices are being taken over by a ransomware attack. The attack replaces the DSM management software on the NAS, encrypts the files on the device and demands that the user pay 0.6 BitCoins to retrieve the files.

A Synology spokesperson told ZDNet that "Synology is fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0."

Synology adds that they will make an announcement in Synology official forums and our social media to help our users mitigate the issue.

NAS devices are typically headless (i.e. without a display) dedicated file servers, usually running Linux. They are reachable over the network like any other Linux device and programming the system need not require much intimate knowledge of the applications running on it.

Synology recommends to users who encounter this problem that they shut the device down immediately and contact the Synology support team.

Users who have not encountered the problem, they recommend updating to DSM 5.0, or any of these fixed versions:

  • For DSM 4.3, please install DSM 4.3-3827 or later
  • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
  • For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from the Synology Download Center.

Editorial standards