Day after Synolocker (not infected)

As like many people i run my blog on my Synology nas.
Unfortunately Synology’s around the world got infected with SynoLocker.
As a precaution i had my Synology disabled for a day till more info was available..

20140803_SynoLocker_xpenology

SynoLocker detection method:
Enable SSH internally on 1 ip local address and log in with putty.
Then run: “ps | grep synosync | grep -v grep”

If it gives a response then your Synology is infected. best to put it down with the power button pressed and wait for the fix.

Looks like only certain firmware a vulnerable 4.3 and not 5.0 OS.


Synology Statement

We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers. 

Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shut down their system and contact our technical support team here: https://myds.synology.com/support/support_form.php.

-When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
-A process called “synosync” is running in Resource Monitor.
-DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:
-For DSM 4.3, please install DSM 4.3-3827 or later
-For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
-For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.

If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.

Apologies for any problems or inconvenience caused. We will keep you updated with latest information as we address this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.