Synology NAS Ransomware – Guide to remove it from system


Guide to Protect Synology NAS Against Ransomware Attack

A new cyber-security report sheds light on the current resurgence of ransomware attacks on Synology NAS (Network Attached Storage) systems.

Understanding Synology

Synology is a Taiwan-headquartered storage vendor that specializes in Network Attached Storage (NAS) appliances. A NAS is a computer data storage server that provides data access to a heterogeneous group of clients.

This renowned corporation was founded in January 2000 and distributes products worldwide.

Synology NAS Ransomware

Recent research revealed that Synology owners discovered that all the files on their NAS systems had been encrypted. Hence, users of Synology NAS were warned to strengthen the passwords to their network attached storage.

Threat Behavior

Investigations revealed that the attackers breached the Synology NAS login interface via brute-force, or so-called dictionary, attacks and stole the admin's credentials. Once a guessed password matched the default password, the attackers gained access to the NAS device and encrypted all the files on it. These cyber criminals demanded 0.06 Bitcoin, now worth $583, to restore the encrypted data.

It is believed that the attackers leveraged botnet addresses to hide the real source IP.

Synology warned its users of Ransomware attack

Similar attacks in the recent past

Cyber criminals have been using similar methods to target internet-facing NAS devices from a variety of other vendors. For instance, an attack on NAS devices from Taiwanese vendor QNAP grabbed the headlines lately. Ransomware known as eCh0raix targeted QNAP NASes that had weak passwords or old operating systems. These incidents remind us to take the security of our NAS devices seriously.

How to protect Synology NAS from Ransomware Attack?

It is believed that there is no tool available to decrypt the encrypted files. Hence, victims are advised to stay vigilant against this nasty trap, as there is no way they can get the data back unless they have a backup of it.

To enhance system security, Synology users are recommended to leverage the built-in network and account management settings.

1). Update DiskStation Manager (DSM):

DSM is an intuitive web-based operating system for every Synology NAS, designed to help you manage your digital assets across home and office.

Periodically, Synology releases free DSM updates. Updates may include function improvements, new features, performance enhancements, critical bug fixes and security patches for system stability. Hence, keeping DSM up to date helps ensure data security.

2). Strong Passwords

Synology has a feature that allows its users to enforce strong passwords. Using complex passwords prevents dictionary attacks to a great extent. To ensure system security, you can:

  • Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
  • Run Security Advisor to ensure there is no weak password in the system.
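The following added example (not Synology code) shows the kind of sliding-window rule that Auto Block applies per IP address, alongside a per-account check that still fires when the guesses are spread across many source addresses. The log format, the sample lines and the thresholds are assumptions made for illustration; DSM's own log layout and defaults may differ.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS = 5                  # assumed: failures from one IP inside WINDOW -> block
WINDOW = timedelta(minutes=5)  # assumed sliding window
MIN_SOURCES = 4                # assumed: distinct IPs failing on one account -> alert

# Constructed sample in a hypothetical "time ip user result" format.
SAMPLE_LOG = """\
2019-07-20T03:00:01 198.51.100.7 admin FAIL
2019-07-20T03:00:05 198.51.100.7 admin FAIL
2019-07-20T03:00:09 198.51.100.7 admin FAIL
2019-07-20T03:00:13 198.51.100.7 admin FAIL
2019-07-20T03:00:17 198.51.100.7 admin FAIL
2019-07-20T08:15:00 192.0.2.10 alice FAIL
2019-07-20T08:15:20 192.0.2.10 alice OK
2019-07-20T11:00:00 203.0.113.11 admin FAIL
2019-07-20T11:00:40 203.0.113.12 admin FAIL
2019-07-20T11:01:20 203.0.113.13 admin FAIL
2019-07-20T11:02:00 203.0.113.14 admin FAIL
"""

def failed_logins(log):
    """Yield (time, ip, user) for each well-formed failed-login line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] == "FAIL":
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def analyse(log):
    """Return (IPs to block, accounts hit from many IPs); log must be time-ordered."""
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    block, targeted = set(), set()
    for ts, ip, user in failed_logins(log):
        by_ip[ip].append(ts)
        by_user[user].append((ts, ip))
        # Drop entries that have aged out of the sliding window.
        while ts - by_ip[ip][0] > WINDOW:
            by_ip[ip].popleft()
        while ts - by_user[user][0][0] > WINDOW:
            by_user[user].popleft()
        if len(by_ip[ip]) >= MAX_FAILS:
            block.add(ip)
        if len({src for _, src in by_user[user]}) >= MIN_SOURCES:
            targeted.add(user)
    return block, targeted

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

In the sample, the four 203.0.113.x sources never reach the per-IP threshold, yet the per-account view still flags "admin", which is the pattern to watch for when the sources are botnet addresses as described under Threat Behavior.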

3). Enable two-step verification:

Enabling two-step verification protects users from internet-based attacks, as the probability of bypassing it is almost negligible.

4). Disable the system default “admin” account:

Users are recommended to create a new account in the administrators group and disable the system default “admin” account to prevent a network breach.

5). Backup:

It is vital that you make offsite backups to protect your data from network threats, unexpected hardware failure, and natural disasters. Moreover, you are advised to give read-only access to your backup folders to avoid any discrepancies.

Ransomware attacks have become a growing threat to small offices and home users that lack sophisticated defense systems. Internet-based attacks in particular have grabbed the news headlines lately. The responsibility for putting an end to malware infections lies in the hands of users. A cautious attitude can save them from a huge loss. After all, for every cyber-attack, there is a human cost.
