Synolocker 0-Day Ransomware Puts NAS Files At Risk

Unknown Lamer posted about 5 months ago | from the you-have-an-offsite-backup-right? dept.

Data Storage 150

Deathlizard (115856) writes "Have a Synology NAS? Is it accessible to the internet? If it is, you might want to take it offline for a while. Synolocker is a 0-day ransomware that, once installed, will encrypt all of the NAS's files and hold them for ransom just like Cryptolocker does for Windows PCs. The virus is currently exploiting an unknown vulnerability to spread. Synology is investigating the issue."

This is how we learn (5, Insightful)

Anonymous Coward | about 5 months ago | (#47605423)

not to connect your NAS directly to the internet.

Re:This is how we learn (-1, Flamebait)

mwvdlee (775178) | about 5 months ago | (#47605501)

Yeah, network attached storage should not be attached to a network.

Re:This is how we learn (4, Insightful)

jonwil (467024) | about 5 months ago | (#47605505)

It should be attached to a network fire-walled off from the Internet and only accessible if you are on the local LAN.

Re:This is how we learn (4, Insightful)

rikkards (98006) | about 5 months ago | (#47605555)

Kind of defeats the cloud feature on Synology NAS doesn't it? Granted you should have it firewalled off except for the specific port it needs.

Re:This is how we learn (1)

rikkards (98006) | about 5 months ago | (#47605561)

Oh also it can act as a firewall as well (not saying much for its capabilities though)

Re:This is how we learn (4, Insightful)

spacefight (577141) | about 5 months ago | (#47605581)

What if the attack surface is the "port it needs"?

Re:This is how we learn (4, Informative)

SuricouRaven (1897204) | about 5 months ago | (#47605605)

When did 'server full of hard drives' turn into 'cloud storage?'

The useful thing about the cloud is that no-one knows what it actually is, so any company is free to call their product cloud-based without contest.

Re:This is how we learn (1)

jythie (914043) | about 5 months ago | (#47605613)

Well, by the original usage, a server full of drives would not be "cloud storage", but as with any new term that gets popular marketers use it to describe products that only kinda function a little like the new stuff.

Re:This is how we learn (4, Funny)

FireFury03 (653718) | about 5 months ago | (#47605769)

Well, by the original usage, a server full of drives would not be "cloud storage"

I want to dispute this - I had a server full of drives that I bought to be my "cloud storage". But when I tried to store my cloud in it, it started to leak out of the server. I ended up with a messy pool of water on the floor and a ruined server!

Re:This is how we learn (2)

SpzToid (869795) | about 5 months ago | (#47606139)

Technology Students in Southern California and Florida have managed to achieve a breakthrough in cloud-storage. Imagine for a moment, if you could possibly harness the entire storage volume of The Cloud, and then increase that by a trillion-fold! That's exactly what these students have achieved by a technique having to do with their ability to create an environment with sustained, extremely cold temperatures over a lengthy period of time. Imagine all the clouds you could see across the Wyoming horizon, and then holding all of them in something a lot like an ordinary ice cube tray. That's the power of the cloud, where the lightening comes from(tm)!

However I'm still somewhat foggy as to how they implement it. I've even heard there's even a subgroup of those technology students that "likes to crush the cloud", whatever that's supposed to mean.

Now excuse me while I water that last patch of grass you're standing on please, using only cloud energy, of course, as I write publicly on The Slashdots to be read worldwide and forever.

Re:This is how we learn (1)

mrchaotica (681592) | about 5 months ago | (#47606423)

That's the power of the cloud, where the lightening comes from(tm)!

For the love of $DIETY, enforce that trademark so no real company uses that catch phrase!

Re:This is how we learn (0)

SpzToid (869795) | about 5 months ago | (#47606483)

As a working stiff seriously just trying to keep up with my rent, I'll ask the Slashdots, is this idea kickstarter worthy, because I can't actually finance the application myself at this time? As always, I'll set the default answer at NO. But oh so how I wish I was proven wrong, yet there's that cynicism kicking in again. Have a nice day y'all, and thanks for the compliment, while I get back to bulking SSL certificates. Ho hum.

Re:This is how we learn (0)

SpzToid (869795) | about 5 months ago | (#47606499)

Sorry to reply to myself but I just got an idea. "That's the power of the cloud, where the lightening comes from, cubed!"

Re:This is how we learn (5, Funny)

ShaunC (203807) | about 5 months ago | (#47605823)

The useful thing about the cloud is that no-one knows what it actually is, so any company is free to call their product cloud-based without contest.

Reminds me of the quote about "big data" being like sex in high school. Nobody's really sure what it is, but everyone thinks that everyone else is doing it, so everyone says they're doing it, too.

Re:This is how we learn (4, Informative)

AmiMoJo (196126) | about 5 months ago | (#47605961)

It basically runs a dynamic DNS client that lets you connect to your NAS away from home, via a web site. For this to work it must accept connections through your firewall, which it uses UPnP to set up.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47606015)

When did 'server full of hard drives' turn into 'cloud storage?'

When someone accessed it over the internet?

Re:This is how we learn (2)

s.petry (762400) | about 5 months ago | (#47606633)

Really? So we had "Cloud" back in 1984 when NFS was released?

Re:This is how we learn (1)

hawkinspeter (831501) | about 5 months ago | (#47606457)

I always thought that "cloud" meant "on someone else's computer", so as long as you don't own the storage, it's "in the cloud".

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47606569)

Right but maybe they think of it like cell phones, you buy it, but they still consider it theirs to control, until it breaks, then it is yours to replace.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605679)

"only accessible if you are on the local lan" covers people connected to said lan via a vpn.

Re:This is how we learn (2)

drinkypoo (153816) | about 5 months ago | (#47605761)

Kind of defeats the cloud feature on Synology NAS doesn't it?

It's called VPN. Learn it, live it, love it. Also, welcome to slashdot. You must need a welcome, because we know about VPNs here.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47606107)

Some of us have better things to do with our time than tinker with computers and fuck with VPNs when we access our shit. Not all of us are sniveling little nerds.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47606407)

ah. then this is your last time reading /. , since that's the target audience. good riddance.

Re:This is how we learn (1)

Lazere (2809091) | about 5 months ago | (#47606539)

Yep, I have to "fuck with VPNs" whenever I need to access my stuff. Hitting that "connect" button is really hard, you know.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605919)

Kind of defeats the cloud feature on Synology NAS doesn't it? Granted you should have it firewalled off except for the specific port it needs.

That makes no difference, this is a remote exploit over the remote access port, which is trivially scannable. Synology are not telling anyone what the actual attack vector is (SSL hole again?), meanwhile their unsuspecting users do not know this is happening, as Synology aren't even sending emails out to warn the registered users.

It's worth noting that not a single case has happened to DSM5, so the hole may well be fixed for those that upgraded from 4.x.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605611)

The firewall is a reasonable precaution I have already implemented. Although I don't have a Synology NAS, I do have an NAS that is attached to the internet because that's the point: I want to be able to access my files remotely from wherever I may be.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605649)

Hard crunchy outer shell. soft chewy underbelly.

Nom-nom-nom-nom-nom! More tasty internal LANs for *me*, as my rootkitted minion laptops wander into "secure" environments delivering my tasty minions to your unsecured internal network.

Re:This is how we learn (1)

Thanshin (1188877) | about 5 months ago | (#47605513)

If it was meant to be connected to the internet it would be called ASOTAS

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605795)

not to connect your NAS directly to the internet.

Especially the IPv6 guys want to connect everything directly to the Internet because NAT "is not a real firewall". So unfortunately we can't but expect more schoolboy mistakes like this in the future.

Re:This is how we learn (0)

Anonymous Coward | about 5 months ago | (#47605933)

Especially the IPv6 guys want to connect everything directly to the Internet because NAT "is not a real firewall".

NAT *isn't* a firewall, just like RAID isn't a backup strategy. No one's recommending not having a separate firewall for their IPv6 boxes connected to the Internet. Go back and learn how networking works, son.

Re:This is how we learn (2)

saleenS281 (859657) | about 5 months ago | (#47606219)

The problem is Synology advertises it as a replacement for your router/firewall as well. I always thought that was stupid. I mean, I get the draw of "only having one box", but I don't know why you'd ever directly expose your personal data to the internet that way.

Nuke it from orbit, then restore from backups. (1)

heypete (60671) | about 5 months ago | (#47605433)

You do have backups, right?

Re:Nuke it from orbit, then restore from backups. (3, Funny)

Anonymous Coward | about 5 months ago | (#47605441)

Of course. But they are on another similar box connected to the internet of things which was crypted earlier.

Re:Nuke it from orbit, then restore from backups. (3, Insightful)

Noughmad (1044096) | about 5 months ago | (#47605445)

Backup? What do people usually use NAS for, I always thought it's mostly for ripped/torrented movies and backups of other computers. Neither of these need backups.

Re:Nuke it from orbit, then restore from backups. (2)

fuzzyfuzzyfungus (1223518) | about 5 months ago | (#47605507)

They may have some unhappy customers right now; but 'NAS', in Synology's product lineup, includes a variety of devices that are aimed either at reasonably serious users or very serious pirates.

Re:Nuke it from orbit, then restore from backups. (2, Funny)

Anonymous Coward | about 5 months ago | (#47605639)

They may have some unhappy customers right now; but 'NAS', in Synology's product lineup, includes a variety of devices that are aimed either at reasonably serious users or very serious pirates.

Translation: They have a built-in torrent client and FTP server. Therefore you can practically smell the salt water reeking from ye digital box.

I love how certain tools label people as scurvy dogs hell-bent on illegal activities.

Re:Nuke it from orbit, then restore from backups. (5, Funny)

Thanshin (1188877) | about 5 months ago | (#47605709)

The deluxe edition comes with an eye-patch. They initially offered a parrot, but there were some shipment incidents*.

*: There's still some debate about the actual status of the parrots upon arrival. Synology insists on the parrots' being alive, but there have been customer reports on the parrots being: "passed on", "no more", "ceased", "expired and gone to meet its maker", "a stiff", "Bereft of life", "resting in peace", among others.

Re: Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47605887)

It's a superposition...

Re: Nuke it from orbit, then restore from backups. (2)

maroberts (15852) | about 5 months ago | (#47606401)

No I think it was a Norwegian Blue, but I'm not sure we can af-fjord any more references to that sort of thing

Re:Nuke it from orbit, then restore from backups. (1)

neoform (551705) | about 5 months ago | (#47606097)

Synology's NAS OS has a nice built in BT client with built in search that goes to all your favorite sites.

Re:Nuke it from orbit, then restore from backups. (1)

TyFoN (12980) | about 5 months ago | (#47606245)

The NAS OS is Linux and the BT client is just Transmission with a web interface.

But it is nicely put together :)

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47606609)

Here's a great case against using Linux :)

Third parties can put together a poor OS distro, and leave it so full of holes that this can happen. Should have used FreeNAS :)

Seriously speaking though, this happened because it was obviously able to run a binary on the device itself, so that means there's some obvious security hole (telnet open?)

Recently I found video files (torrents) that have filenames designed to hide the .exe in them so they look like AVI files. If you're not paying attention you'll accidentally run them (they have the VLC icon) and they aren't picked up by ANY antivirus package. I submitted samples to at least one AV vendor.

In two different payloads, it uses an exe-compiled AutoIT macro to decrypt the video file, so someone not paying attention will not realize what is happening until maybe they finished watching the video. Someone who is paying attention would realize that it's an executable binary, not a normal video, because you can't "play in VLC".

When it runs, it attempts to download and launch various malware shit. One of the payloads is a bitcoin miner, another is an unknown payload because it failed to run inside the sandbox, and I'm not stupidly running things with administrative permission levels.

Nonetheless, this malware explicitly targeted people who download torrents. The first clue that it's malware is that it's a video file wrapped in a rar file. If you open the rar file with 7zip and not winrar, you'll see the filename end with ".exe -.avi" using some character that mimics a backspace or something. If you try to rename the file, you'll see the real extension.
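A defensive check for the kind of archive entry described in the comment above, as an added example that is not part of the original post: it flags names containing non-printing characters and names that mix an executable extension with a media extension. The extension lists, finding labels and sample names are assumptions constructed for illustration.

```python
import unicodedata

# Extension lists are illustrative assumptions, not taken from the thread.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "bat", "cmd", "vbs", "lnk"}
MEDIA_EXTS = {"avi", "mkv", "mp4", "mov", "wmv", "mpg", "flv"}
# Unicode control (Cc) and format (Cf) characters are not drawn in a file
# listing; this covers backspace-like controls and text-direction overrides.
HIDDEN_CATEGORIES = {"Cc", "Cf"}


def hidden_chars(name):
    """Return the code points in `name` that a file listing will not draw."""
    return [f"U+{ord(ch):04X}" for ch in name
            if unicodedata.category(ch) in HIDDEN_CATEGORIES]


def extension_chain(name):
    """Return the dot-separated tokens after the base name, normalised.

    Hidden characters are dropped and padding (spaces, dashes, underscores)
    is trimmed, so a token such as 'exe -' compares equal to 'exe'.
    """
    stored = "".join(ch for ch in name
                     if unicodedata.category(ch) not in HIDDEN_CATEGORIES)
    return [tok.strip(" -_").lower() for tok in stored.split(".")[1:]]


def analyze(name):
    """Return a list of findings for one file name (empty list = nothing odd)."""
    findings = []
    hidden = hidden_chars(name)
    if hidden:
        findings.append("hidden-char:" + ",".join(hidden))
    chain = extension_chain(name)
    if not chain:
        return findings
    final, earlier = chain[-1], chain[:-1]
    if final in EXECUTABLE_EXTS:
        # The extension the OS will act on is executable.
        findings.append("executable-final-ext:" + final)
        decoys = [t for t in earlier if t in MEDIA_EXTS]
        if decoys:
            findings.append("media-ext-before-executable:" + decoys[-1])
    elif final in MEDIA_EXTS:
        # The name ends like a video but carries an executable token earlier,
        # the ".exe -.avi" shape the comment reports seeing in 7zip.
        buried = [t for t in earlier if t in EXECUTABLE_EXTS]
        if buried:
            findings.append("executable-ext-before-media:" + buried[-1])
    return findings


def scan(names):
    """Map each suspicious name in an archive listing to its findings."""
    flagged = {}
    for name in names:
        findings = analyze(name)
        if findings:
            flagged[name] = findings
    return flagged


# Constructed sample listing (not taken from any real archive).
SAMPLE_LISTING = [
    "Some.Movie.2014.avi",
    "Some.Movie.2014.exe -.avi",
    "Some.Movie.2014\u202eiva.exe",
    "Some.Movie.2014.avi.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_LISTING).items():
        # repr() makes hidden characters visible as escapes in the report.
        print(repr(name), "->", findings)
```

Printing names with `repr()` is what makes the hidden character visible, which matches the comment's observation that the real extension only shows up once the name is viewed in a different way.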

Re:Nuke it from orbit, then restore from backups. (2)

Chris Mattern (191822) | about 5 months ago | (#47606187)

Synology now insists that this is in fact reflective of their move to quantum computing technology, and that the parrot is both alive and dead.

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47606381)

The deluxe edition comes with an eye-patch. They initially offered a parrot, but there were some shipment incidents*.

*: There's still some debate about the actual status of the parrots upon arrival. Synology insists on the parrots' being alive, but there have been customer reports on the parrots being: "passed on", "no more", "ceased", "expired and gone to meet its maker", "a stiff", "Bereft of life", "resting in peace", among others.

Synology is right, the parrots were definitely alive up until the box was opened by the recipient. The catch is that they were also definitely dead.

Sincerely,
Erwin Schrodinger

Re:Nuke it from orbit, then restore from backups. (1)

fuzzyfuzzyfungus (1223518) | about 5 months ago | (#47605729)

Quite the opposite. Being satisfied with the built in bittorrent clients, or FTP in general, suggests somewhat casual activity; but if you are buying your piracy gear based on its support for lots of iSCSI LUNs, 10GbE, and availability of rackmount expansion enclosures with redundant power supplies I would say that you are pretty serious about it...

I don't know how successful they've been in terms of market share; but their pitch for most of the 'rackstation' line suggests that they are hoping for relatively demanding applications by the standards that 'NAS' has historically evoked.

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47606365)

They may have some unhappy customers right now; but 'NAS', in Synology's product lineup, includes a variety of devices that are aimed either at reasonably serious users or very serious pirates.

Let's be honest, it doesn't take very many BR Rips to come out ahead on a $500 NAS, unless you are comparing it to RedBox.

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47605535)

Backup? What do people usually use NAS for, I always thought it's mostly for ripped/torrented movies and backups of other computers. Neither of these need backups.

Meh, if you ripped it you can rip it again (assuming you didn't get rid of the disc), if you torrented it you can torrent it again, if you backed up another machine onto it you can back it up again. Maybe it was about time you did another backup anyway. It'll be a load of hassle but not the end of the world unless you really wanted to keep older versions of things.

If it is the end of the world for some of your important files then maybe they should have been backed up again to a different machine/location. I thought that was standard in case your house burnt down/machine was nicked/crazy ex threw it out the window.

Re:Nuke it from orbit, then restore from backups. (5, Informative)

Dutch Gun (899105) | about 5 months ago | (#47605715)

My Synology NAS is my home-based business' file server, a local machine backup (for my development machine and my digital audio workstation), and a media server for my ripped DVDs and Blurays, although this third function is just a nice bonus for me. Synology NAS devices have a very handy cloud backup application as well, which I use to backup all my most critical files to Amazon S3 services. I hope most people made use of this, because if Cryptolocker has taught us anything, it's that you absolutely need offsite backups that are NOT connected to your network.

I bought it specifically because it makes it easy to set up a multi-tiered backup strategy like that - something that takes on new importance when you spend a few years writing code on your own dime. As a file server, it's fantastic for small operations. I had a drive begin to fail last year, and so had a chance to test out the hot-swapping / RAID rebuilding feature. Worked like a charm - was super simple and zero down-time.

Personally, I've never once considered opening up my NAS to the outside internet. That always seemed crazy risky to me - after all, a single software mistake, a buffer overrun in a protocol stack of some sort, and *poof*, there's direct access to your file server and all its critical data. I guess sometimes being paranoid pays off, but it gives me no pleasure to say so.

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47605953)

Not really. Presumably you'd update your gear. This was patched last fscking year!

Re:Nuke it from orbit, then restore from backups. (1)

TerryC101 (2970783) | about 5 months ago | (#47606131)

I didn't think it was known yet if it was the same attack vector.

Re:Nuke it from orbit, then restore from backups. (0)

Anonymous Coward | about 5 months ago | (#47606195)

Synology NAS devices have a very handy cloud backup application as well, which I use to backup all my most critical files to Amazon S3 services.

Personally, I've never once considered opening up my NAS to the outside internet. That always seemed crazy risky to me - after all, a single software mistake, a buffer overrun in a protocol stack of some sort, and *poof*, there's direct access to your file server and all its critical data.

...kinda like putting it up in the cloud does.

Re:Nuke it from orbit, then restore from backups. (1)

saleenS281 (859657) | about 5 months ago | (#47606517)

S3? Yuck. Their pricing is horrendous. I'd suggest crashplan.

http://www.code42.com/crashplan/ [code42.com]
http://forum.synology.com/wiki/index.php/CrashPlan_Headless_Client [synology.com]

Although the synology forums are currently getting destroyed (guessing from this article).

Re:Nuke it from orbit, then restore from backups. (2)

pnutjam (523990) | about 5 months ago | (#47606273)

Backups need backups too. Your data isn't safe unless there are 3 copies, working, backup, archive (minimum), one should be offline.

Re:Nuke it from orbit, then restore from backups. (2)

Noughmad (1044096) | about 5 months ago | (#47606425)

Backups need backups too. Your data isn't safe unless there are backups all the way down.

But seriously, having two copies is enough most of the time, provided they are somewhat separate (i.e. not on two identical, connected NAS machines).

Us with Ebola (-1)

Anonymous Coward | about 5 months ago | (#47605451)

It's the shit we're not looking for that gets us.

I came back from Capetown in February fevered, vomiting, with diarrhea, sore throat, sneezing, coughing. Had to go to Mt. Sinai and have tests run and fluids pumped into me. It was e. Coli. I had a 26 hr. flight. No one asked me anything.

We almost had an American from Minnesota working in Liberia come back to the Us with Ebola. He died en route.

But first he pissed all over the hospital workers looking after him. I can't think of a more frightening epidemic.

Fatal in 90% of cases. Vomiting, fever, diarrhea, aches, sneezing, coughing, plus you bleed from every orifice in your body. Despite claims to the contrary, it can become airborne. It can also be sexually transmitted through male semen of asymptomatic carriers for up to two months. This is like AIDS meets the bubonic plague with a little influenza thrown in.

Then we flew two do gooder fucktards into the US with it. I don't care how nice they are. They broke containment.

Why would we do that? Maybe for cover, because it was already here. This shit has me freaked the fuck out.

The first plane bound for Atlanta from Africa refueled in Bangor. Why would it fly to Maine?

Then I thought, it's the Appalachian trail. It starts in Maine and ends in Georgia. They want to kill the teahadists, as the IRS and DHS call them. The facility these workers were stationed at in Africa was run by a Soros-funded NGO.

Do you think this hasn't been brought to Obama's attention? I seriously don't think he gives a fuck. More likely the House set us up for amnesty before they went on vacation, so he can quit bluffing, worthless cocksuckers that they are.

Captcha: AFFLICT

Heh heh. Heh heh.

Re: Us with Ebola (0)

Anonymous Coward | about 5 months ago | (#47605703)

STFU Troll

Nothing to see here (0)

Anonymous Coward | about 5 months ago | (#47605463)

because all my files are encrypted. I can see the list of files, but it only makes me want to puke. I am fucked, screwed, and borked, all at once. Thanks Syno. Damn Chinese software! Never again. They can make cheap hardware but they can't make software worth ... my files! All my pretty files. Gone.

Re:Nothing to see here (0)

Anonymous Coward | about 5 months ago | (#47605647)

Stop being a tight arse and pay the ransom!

Re:Nothing to see here (0)

Anonymous Coward | about 5 months ago | (#47605915)

Can't you pay the ransom with a credit card, and then stop payment or dispute it once you have successfully retrieved the unlock key? Oh, and don't buy insecure *nix based solution to start with would be a good idea.

Re:Nothing to see here (1)

hawkinspeter (831501) | about 5 months ago | (#47606537)

Why don't you just restore from your offsite backup?

Worlds smartest liberal! (-1)

Anonymous Coward | about 5 months ago | (#47605467)

https://www.youtube.com/watch?v=32z4ILDjijU

He wanted to win an Xbox for his son. So he spent $2600 at a carnival game over two days and only ended up with a stuffed banana. Note that you can buy an Xbox 360 at Walmart for $180.

On his way home from the carnival he told reporters: "Yes I do plan to vote for Obama for a third term, why do you ask?"

Re:Worlds smartest liberal! (0)

Anonymous Coward | about 5 months ago | (#47605589)

200% Offtopic
Not only is this post offtopic relative to the news, it's also offtopic relative to itself (guy loses money at a carnival game -> blah blah Obama). Nice one.

"Investagating"? (2)

fnj (64210) | about 5 months ago | (#47605483)

Really?

Re:"Investagating"? (4, Funny)

wonkey_monkey (2592601) | about 5 months ago | (#47605511)

A've encrypted all the farst As (the nanth letter of the alphabet) an each word on Slashdot (except an sags). You must pay me sax mallion dollars to get them back.

Re:"Investagating"? (1)

wonkey_monkey (2592601) | about 5 months ago | (#47605525)

Goddammit. There are three Is in "investigating."

*palmface*

Re:"Investagating"? (0)

Anonymous Coward | about 5 months ago | (#47605669)

But there is no "I" in teamwork!!!!

That's because when managers start spouting that nonsense, "I" get out very, very fast.

Re:"Investagating"? (0)

Anonymous Coward | about 5 months ago | (#47606027)

Mod parent "+1 halaraous!"

Re:"Investagating"? (1)

Thanshin (1188877) | about 5 months ago | (#47605519)

Well, they need gates. And gates aren't free.

RTFS (1)

hoboroadie (1726896) | about 5 months ago | (#47605521)

Amazing! Somebody is paying attention.

Re:"Investagating"? (0)

Anonymous Coward | about 5 months ago | (#47605913)

Contraction of "investigate" and "stagnate".

Interesting (3, Interesting)

rebelwarlock (1319465) | about 5 months ago | (#47605531)

So between TOR and bitcoin, they think they finally have a viable method of collecting on ransomware. Also, I found it interesting that they're asking specifically for 0.6BTC - that is, double what Cryptolocker is asking. I wonder if there's an intentional correlation there.

Re:Interesting (2)

GNious (953874) | about 5 months ago | (#47605705)

My bit of pondering is whether that 0.6btc can be tracked/identified at companies handling bitcoins, and especially at companies converting between btc and real money?

Could you basically get the police (Europol/Interpol?) involved, and when a company reports that a user is trying to use/convert the btc you paid with, have that user charged with ransoming data, or taking stolen goods (i.e. either as the original thief, or as a fence)?

If the 0.6btc is acquired by the person via a laundry-service, charge him/her with engaging in activities meant to conceal the original crime?

Re:Interesting (0)

Anonymous Coward | about 5 months ago | (#47605793)

Just get a clueless mule to buy moneypaks for you.

That's it.

You get the wrong guy, they get their money.

Re:Interesting (0)

Anonymous Coward | about 5 months ago | (#47605767)

Sometimes people have their documents and other valuable files tucked away in an encrypted container file, offline hard drives and such. They might notice something went horribly wrong and correctly decide not to mount/plug in their hard drives on that computer.

Here? You're exploiting a device that's used to store and share large amounts of data. The chance that you're going to encrypt something very dear to them goes up, and you can bet your ass that they will pay whatever you ask for. Within reason of course.

Re:Interesting (0)

Xenna (37238) | about 5 months ago | (#47605835)

That's what I was thinking.

Now this is just data, but what if this kind of thing gets used for real ransom demands?
Like kidnapping someone's child and demanding ransom in bitcoin.
Is it feasible that one could get away with that?

Wouldn't that be the death of TOR and bitcoin?
I mean I'm all for privacy but not if it facilitates kidnapping.

Re:Interesting (0)

Anonymous Coward | about 5 months ago | (#47606541)

I mean I'm all for privacy but not if it facilitates kidnapping.

TOR or other tor-like services, and bitcoin or equivalents will *always* be possible on any general purpose network like the internet. So it is the internet that facilitates kidnapping, shutting down TOR would just shift anonymous traffic to another similar service, same with bitcoin. So logically you must think the entire Internet should be shut down, it's the only way to stop anonymous kidnappers collecting ransoms.

Also, giving up all your privacy will always potentially help crime solving, so we should all give up all of our privacy to reduce crime. Cameras in every private room will certainly deter crime, probably at least half of all crimes happen in these places.

In other words, you're a moron.

"Synology is investagating" (0)

Anonymous Coward | about 5 months ago | (#47605645)

Is it. Is it really.

'Investigating', not 'investAgating'. American cretins.

Open-source? (0)

Anonymous Coward | about 5 months ago | (#47605653)

Is the firmware that was hacked open-source?

"Open source projects that are included with Synology DiskStation/RackStation series."
http://sourceforge.net/projects/dsgpl/

Windows (0, Troll)

Anonymous Coward | about 5 months ago | (#47605661)

This shows that users should switch from windows to Linux because Linux is more secure.

Oh wait...

Cheeky bastards (5, Funny)

CurryCamel (2265886) | about 5 months ago | (#47605739)

From TFA: the message that pops up to the victims ends with:

Copyright 2014 SynoLocker(TM) All Rights Reserved.

I have a real hard time respecting that copyright...

Re:Cheeky bastards (3, Insightful)

drinkypoo (153816) | about 5 months ago | (#47605903)

I have a real hard time respecting that copyright...

And yet you are still required by law to respect it, even though the act of creating and disseminating that code is illegal.

Re:Cheeky bastards (0)

Anonymous Coward | about 5 months ago | (#47605999)

It's interesting how the whole ransom page is crafted to look like it's some kind of legitimate step of being a Synology customer. No flaming skulls or "lolz you have been pwned" text. Just perform this little Bitcoin payment to keep your system running. Some suckers might just think "oh, okay, I guess this is part of the deal then".

Update from Synology-sec issue patched 12/2013 (5, Informative)

bhoar (1226184) | about 5 months ago | (#47605839)

Update posted 8/5/2014 by Jeremie on the English language Synology Forum: [We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.]

Re:Update from Synology-sec issue patched 12/2013 (0)

Anonymous Coward | about 5 months ago | (#47606095)

That post is at http://forum.synology.com/enu/... [synology.com]

Beyond the quoted text, note that this also gives instructions on how to update the DSM software. Rough steps:

1. Start Synology Assistant (may be able to bypass this with other connection methods).
2. Select your DiskStation and click the Connect button.
3. Go to Control Panel and select DSM Update.
4. Tell it to Download and then Install the latest software.
5. Wait up to twenty minutes while it installs.

Unlike a desktop OS, browser, or other software, the DiskStation does not normally remind you to do this. You have to check manually.

If you don't want to install the latest software, it looks like you can get older versions from http://www.synology.com/suppor... [synology.com] (requires Javascript).

Incidentally, my DiskStation was still running the older software, which came installed on it. Shouldn't security updates get installed automatically for most people? I get that some want full control but shouldn't the default be to auto-install?

Re:Update from Synology-sec issue patched 12/2013 (1)

Anonymous Coward | about 5 months ago | (#47606271)

Also hopefully you have a newer version of the hardware. They EOL'd a bunch last year and people were not happy. In other words they get 4.0 and that's it. Think mine EOLs in 2 years.

I get that some want full control but shouldn't the default be to auto-install?
The upgrades have been haphazard from synology. They usually take 1-3 patches before they fix everything. Also sometimes they tell it to do 'scrubbing'. Which then has the effect of overheating the drives. Then people lose their data and blame the patch. Many have got stuck also in the 'indexing' issue. The cpu goes to 100% and then sits there digging thru the files doing something (no one is really sure).

I usually wait a couple of weeks then patch. I have seen too many people on their forums lose their entire array. I do not feel like restoring that much data any time soon.

They are also using a 2.6.30ish kernel. You know from about 3-4 years ago... So all those ext4 updates have not been put in there. When I saw that I thought do not think I will be using the openssh tool they put into this thing. Maybe on my router where rmerlin and asus have been keeping it up to date...

But for a plug and play nas they are way cool... Use mine everyday.

Re:Update from Synology-sec issue patched 12/2013 (2)

MachDelta (704883) | about 5 months ago | (#47606427)

[quote]Unlike a desktop OS, browser, or other software, the DiskStation does not normally remind you to do this. You have to check manually.[/quote]
It's trivially easy to set up a Synology NAS to email/sms/skype/etc you about both OS and package upgrades being available, at least on the versions of DSM I've used.

Re:Update from Synology-sec issue patched 12/2013 (0)

Anonymous Coward | about 5 months ago | (#47606181)

Update posted 8/5/2014 by Jeremie on the English language Synology Forum:

[We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.

Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.]

There is a screenshot on the Synology forums showing the hostage message on a DSM 5.0 background. Based on this I'd say Synology are talking crap and haven't a clue what's going on. I'd also say based on my experience of their support generally, they're talking crap and haven't a clue what's going on. So no change there.

I

Re:Update from Synology-sec issue patched 12/2013 (1)

bhoar (1226184) | about 5 months ago | (#47606243)

Theory is that the DSM 5.0 looking background is a background image snapshot and what is displayed is a simpler webpage with just the countdown timer and links. Why program the payload as an actual DSM module when you can just put a much simpler webpage in place? Synology appears to think similarly, as they say one of the symptoms is that you didn't upgrade to 5.0 but the background looks like 5.0.

Re:Update from Synology-sec issue patched 12/2013 (3)

bhoar (1226184) | about 5 months ago | (#47606275)

Hmm, reading more, I think I'm fully or partly wrong about what's going on with the background, since synology states in the updated post that the symptom is that you were running 4.3 or earlier, but now you've got the extortion message and DSM reports it is 5.0. Apologies for posting that last message before I knew what I was talking about.

What a load of FUD! (0)

randomhacks (3420197) | about 5 months ago | (#47605901)

This article is complete FUD. According to Synology "this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013." Like any operating system - if you don't patch it then it will probably be vulnerable to hacking. Just upgrade to the latest version. As you were.

Re:What a load of FUD! (1)

Fringe (6096) | about 5 months ago | (#47606019)

That's not entirely fair. That's still a pretty recent version - if you purchase from Amazon or NewEgg you have a good bet of getting it even on an x14 model, and certainly will get that or older on any other model - and there's no "Automatic Update" mechanism on Synology systems. Plus they're essentially storage appliances; users aren't expected to log into and manage them frequently. And the feature that seems to put people at risk is a selling point of the device.

I'm not bashing Synology; I have two Syns running in my system (both current, both firewalled, neither has the rumored susceptible port open, neither infected.) But you're not spending enough time around regular people if you think people expect to be logging into the admin screen of their external hard drive - or their fridge, toaster oven or coffee maker - frequently to check for updates. ;)

Re:What a load of FUD! (2)

h2okies (1203490) | about 5 months ago | (#47606077)

There is however the constant Nag from Synology to upgrade to the latest versions that the system automatically kicks out to you along with the emails they send about the current patches that they recommend you apply to your system. No one auto-patches NAS devices as bad things can happen to people's data.

Re:What a load of FUD! (4, Interesting)

Dutch Gun (899105) | about 5 months ago | (#47606261)

A NAS device is not a toaster. It's a file server running a lightweight but fully-featured operating system. You don't need to be a professional network administrator, but you do need to be careful enough to at least check in regularly for updates. One presumes such hardware was purchased because you had valuable data you wished to manage or protect. Honestly, a NAS is really not a purchase for "normal" people. Power-users and up, I'd say, are the minimum personnel requirements.

Even so, Synology machines are not hard to patch. They download OS updates automatically by default. All you have to do is log in via the administration page once in a while and click the "update" button, since it pops up right on the page after it sees you have an update to install. And every update has a link right next to it that points to a web page detailing exactly what changed or what was fixed. I'd suppose the reason there's no "auto-update" is because an update requires a 5-10 minute patch and reboot cycle, and you generally don't want your file server automatically rebooting at its own convenience.

I'm presuming (since information is a bit scarce) that users either failed to patch their machines for six months or longer due to neglect, or they made a deliberate choice not to do so for some reason, yet kept their internet-facing services wide open (note that these are not installed or enabled by default). Unfortunately, that's pretty much a guaranteed recipe for an attack of this sort. It's a crappy way to have to learn a lesson.

Re:What a load of FUD! (2)

SuiteSisterMary (123932) | about 5 months ago | (#47606443)

and there's no "Automatic Update" mechanism on Synology systems.

Mine nags me every time there's an update released. There's no unattended update option, but that makes sense for a NAS.

Not a Zero Day (2)

JamieKitson (757690) | about 5 months ago | (#47606025)

There is no mention in the article of this being a zero day vulnerability, in fact the article specifically says "it’s not clear yet how SynoLocker’s operators installed the malware".

As others have said Synology is reporting the vulnerability was patched in December [synology.com] . Hardly a zero day.

/.ed (4, Interesting)

simplypeachy (706253) | about 5 months ago | (#47606169)

Forum post so far:

Hello Everyone,

We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.

Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shut down their system and contact our technical support team here: https://myds.synology.com/supp... [synology.com] .

-When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
-A process called “synosync” is running in Resource Monitor.
-DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:
-For DSM 4.3, please install DSM 4.3-3827 or later
-For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
-For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/suppor... [synology.com] .

If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.

Apologies for any problems or inconvenience caused. We will keep you updated with latest information as we address this issue.
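The version guidance and symptom list in the forum post quoted above, turned into a triage check for an inventory of DiskStations. This is an added example, not part of the original comment and not Synology code; the function names, status labels, hostnames and sample build numbers are assumptions made for illustration.

```python
import re

# First fixed release per DSM branch, taken from the Synology forum post
# quoted above (4.1 has no fix of its own; the post moves it to 4.2-3243).
FIRST_FIXED = {
    (4, 0): (4, 0, 2259),
    (4, 1): (4, 2, 3243),
    (4, 2): (4, 2, 3243),
    (4, 3): (4, 3, 3827),
}
LAST_AFFECTED = (4, 3, 3810)  # "DSM 4.3-3810 or earlier"

def parse_dsm(version):
    """Parse 'DSM 4.3-3810' or '4.3-3810' into (major, minor, build)."""
    m = re.fullmatch(r"\s*(?:DSM\s+)?(\d+)\.(\d+)-(\d+)\s*", version)
    if m is None:
        raise ValueError(f"unrecognised DSM version string: {version!r}")
    return tuple(int(part) for part in m.groups())

def triage(version, processes=(), ransom_page=False, claims_latest=False):
    """Return 'SHUT_DOWN', 'UPDATE' or 'OK' for one NAS (labels are ours)."""
    ver = parse_dsm(version)
    # Symptoms 1 and 2 count whatever version the box reports about itself.
    if ransom_page or "synosync" in processes:
        return "SHUT_DOWN"
    # Symptom 3: an affected build whose update page claims to be current.
    if ver <= LAST_AFFECTED and claims_latest:
        return "SHUT_DOWN"
    if ver[0] >= 5:
        return "OK"  # the post reports no sign of the flaw in DSM 5.0
    fixed = FIRST_FIXED.get(ver[:2])
    # Branches the post does not list (before 4.0) are treated as unpatched.
    if fixed is None or ver < fixed:
        return "UPDATE"
    return "OK"

# Constructed sample inventory: host, version, processes, ransom page seen,
# update page claims "latest". All values are made up for the example.
INVENTORY = [
    ("nas-a", "DSM 4.3-3810", ["smbd"], False, False),
    ("nas-b", "DSM 4.3-3827", [], False, False),
    ("nas-c", "DSM 5.0-4493", ["synosync"], False, False),
    ("nas-d", "DSM 4.2-3211", [], False, True),
]

def report(inventory=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(ver, procs, ransom, latest)
            for host, ver, procs, ransom, latest in inventory}
```

The symptom checks run before the version comparison on purpose, so a box that shows the ransom page or the "synosync" process is flagged even when its reported version looks current.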

Article needs a rewrite, simple, yet just the same. (1)

Trax3001BBS (2368736) | about 5 months ago | (#47606231)

As for the article...

First part says "According to the user, there’s a small window of opportunity to minimise the damage. That is, if you can backup files faster than the program encrypts them."

Then buried where many don't wander (towards the end), it mentions "1) Power off the DiskStation immediately to avoid more files being encrypted"

I would think the wise thing would be to exchange the location of the two sentences, lest you have some would-be hero actually try to find where to start saving at.

If you know you need a NAS, why buy it? (0)

Gothmolly (148874) | about 5 months ago | (#47606531)

There's plenty of free options out there, if you really need that much storage, you need to care how it works and how well.

Re:If you know you need a NAS, why buy it? (0)

Anonymous Coward | about 5 months ago | (#47606597)

I have to nerd-out all day long at work. When I come home, I'm tired. As I've gotten older, I have more non-nerd responsibilities (home, family) that require my time, rather than tinkering with hardware assembly. I *do* know enough to understand what NAS is, that RAID is not a backup, etc. So I did research and chose a solution. Frankly with digital media becoming ubiquitous, 'that much storage' really isn't that much any more. Without resorting to torrents, pirating, or anything else, simply do the math: rip all your dvds to iso's (figure 8gb each) -- that means you retain special features, menuing etc., and rip all your CDs at a high bit rate (figure maybe 200mb each). ta-da. 'that much storage'.

Old fogies have a large number of dvds and cds.
