Synology DiskStation Manager Infected with a CryptoLocker Hack

[Helios]

Synology DiskStation Manager Infected with a CryptoLocker Hack

Synology DiskStation Manager (DSM), the company's in-house NAS operating system, is vulnerable to a CryptoLocker hack, which the company is referring to as "SynoLocker." The nature of how NAS units get infected by this hack is unknown, but when it is, the malware encrypts portion of data stored on your NAS volumes, and holds it for ransom, for 0.6 BTC (US $350 as of now). It decrypts that data only upon payment of that money. There's no guarantee of your data being held for ransom again. The issue is currently localized to NAS units running non-updated versions of DSM 4.3, but Synology is investigating if the hack works on DSM 5.0 as well.

Synology is urging users to take the following steps - close all ports for external (Internet) access, and unplug your NAS from your local network; and with your NAS plugged into just one machine, update DSM to the latest version; and back-up your data. If your NAS unit is infected, disconnect it from the network, perform a hard-shutdown, and contact Synology. The issue highlights one of the many dangers of a distributed currency, in which the beneficiary of funds is difficult to trace.

 

[thatgui]

Armselig, dass man nicht mal wenigstens einen kleinen Hinweis auf der deutschen Webseite streut. Immerhin findet man auf der englischen Webseite einen Newsbeitrag:

[h=1]Synology[SUP]®[/SUP] Continues to Encourage Users to Update[/h]Washington, Bellevue—August 5th, 2014 —We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.
We are fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect and Synology DDNS service to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shutdown their system and contact our technical support team here: https://myds.synology.com/support/support_form.php

When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.

• A process called “synosync” is running in Resource Monitor.
• DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:

• For DSM 4.3, please install DSM 4.3-3827 or later
• For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
• For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.
If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.
We sincerely apologize for any problems or inconvenience this issue has caused our users. We will keep you updated with the latest information as we address this issue.

Quelle

im deutschen, inoffiziellen Forum gibt es auch einen Beitrag eines Betroffenen.

 

[Mornsgrans]

Heise war schneller:
Bereits vorgestern konnte man es dort lesen.

Cyber-Erpresser haben einen neuen, direkten Weg gefunden, um das digitale Hab und Gut ihrer Opfer als Geisel zu nehmen: Sie nutzen vermutlich eine Sicherheitslücke in der NAS-Firmware, um den gesamten Netzwerkspeicher zu verschlüsseln.

 

[Helios]

Oder Uwe war langsamer :whistling:? Wie auch immer... hier noch die Knowledge Base.

LG Uwe


Edit: Sehe jetzt gerade, dass TechPowerUp doch schneller als Heise und Uwe einfach langsamer war, rechnet man die Zeitverschiebung hinzu. Hatte den Artikel/Hinweis auch beinahe überlesen.