SynoLocker Ransomware Affecting Synology DiskStation

Impact

• Remote Code Execution

System / Technologies affected

• DSM 4.3-3810 or earlier

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

• For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend users shut down the system and contact Synology's technical support team here: https://myds.synology.com/support/support_form.php.
  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • A process called “synosync” is running in Resource Monitor.
  • DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.
• For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:
  • For DSM 4.3, please install DSM 4.3-3827 or later
  • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
  • For DSM 4.0, please install DSM 4.0-2259 or later
• DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here:
  http://www.synology.com/support/download.
• If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, Synology encourage users to contact at [email protected].

Vulnerability Identifier

• No CVE information is available

Source

• Synology Forum

Related Link

• http://forum.synology.com/enu/viewtopic.php?f=108&t=88770