• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Synology Urges Users to Update as Ransomware Affects Older DSM Versions

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,244 (7.54/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Synology has been investigating and working with users affected by a recent ransomware called "SynoLocker." Synology has confirmed the ransomware affects Synology NAS servers running older versions of DiskStation Manager, by exploiting a vulnerability that was fixed in December, 2013, at which time Synology released patched software and notified users to update via various channels.

Affected users may encounter the following symptoms:
  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • Abnormally high CPU usage or a running process called "synosync" (which can be checked at Main Menu > Resource Monitor).
  • DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.

For users who have encountered the above symptoms, please shutdown the system immediately to avoid more files from being encrypted and contact our technical support here. However, Synology is unable to decrypt files that have already been encrypted.
For other users who have not encountered the above symptoms, Synology strongly recommend downloading and installing DSM 5.0, or any version below:
  • DSM 4.3-3827 or later
  • DSM 4.2-3243 or later
  • DSM 4.0-2259 or later
  • DSM 3.x or earlier is not affected
Users can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.
Synology sincerely apologizes for any problems or inconvenience this issue has caused our users. As cybercrime proliferates and increasingly sophisticated malware evolves, Synology continues to devote resources to mitigate threats and is dedicated to providing users with reliable solutions.

View at TechPowerUp Main Site
 
Joined
May 13, 2010
Messages
6,073 (1.14/day)
System Name RemixedBeast-NX
Processor Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard Dell Inc. 08HPGT (CPU 1)
Cooling Dell Standard
Memory 24GB ECC
Video Card(s) Gigabyte Nvidia RTX2060 6GB
Storage 2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case Dell Precision T3600 Chassis
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 630w Dell T3600 PSU
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Linux Mint 20
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P
I hope the creator of this cryptovirus has his balls boiled while he's wide awake
 
Joined
Jul 3, 2008
Messages
174 (0.03/day)
Processor Intel Core i7 5820k
Motherboard MSI X99S-GAMING7
Cooling Corsair H105
Memory 16GB G.SKILL DDR4
Video Card(s) Gigabyte GTX1070 Gaming G1
Storage Samsung 840 Evo 256GB
Display(s) Acer Predator XB271HU
Case Corsair 800D
Audio Device(s) ASUS XONAR
Power Supply Corsair HX850i
Mouse Logitech G502
Keyboard Filco Majestouch
Software Windows 10
Had this on one of my customers Synology NAS's today. The NAS had a backup SR for XenServer. One of our admins followed the instructions and shut it down without realising it had volumes mapped into multiple live servers. He then did a hard reset on the device, leaving us to try and bring the VM backs to a workable state.... Fun day that one....

Lesson learnt. Make sure you update the firmware on these devices regularly and don't port forward the admin panel unless you need to.
 
Top