On August 4, 2014, Sonology warned the user of NAS devices about the latest ransomware infection dubbed Synolocker. The issue has been reported to affect the NAS servers running the version DSM 4.3 or earlier. The Synolocker malware exploits a security vulnerability, which was fixed and patched in 2013. According to the latest analysis, Synolocker has no effect on the newest version DSM 5.0.
The users of NAS servers are advised to shutdown their systems and contact the technicians of Synology if a process called ‘synosync’ is running in Resource Monitor. It is possible to find that the system indicates that the latest DSM version is used even though DSM 4.3-3810 or earlier is installed.
Synolocker regarded as a variant of Cryptolocker because the two infections exhibit similar behavior and use similar encryption algorithms.
How does the Synolocker malware work?
Similarly to Cryptolocker, Synolocker encrypts files stored on the device and displays a ransom message. The message requires that you download the Tor Browser and access a certain website (hxxp://cypherxffttr7hho.onion) to log in with your identification code. After registration, you are provided with instructions on how to pay a ransom, which must be paid in Bitcoins. According to the ransom warning, you have to pay 0.6 Bitcoins, roughly $350 USD.
As for Bitcoins, it is an online currency which is generated by using computer resources to solve complex equations. The process of generating this currency is called mining.
Once the money requested is paid to a certain Bitcoin wallet, the attackers are supposed to provide you with a decryption key; however, you should keep in mind that the payment does not guarantee the release of decrypted files. After spending about 350 USD dollars, your data may remain encrypted.
There are not many alternatives to restore your decrypted date. Instead of paying up, you can only use a backup of the data.
How to prevent Synolocker?
Synology strongly recommends upgrading to the DSM 5.0 or some other versions older than DMS 4.3. For example, if you are using DSM 4.3, you should install DSM 4.3-3827 or later; if you are using 4.1 or DSM 4.2, you should upgrade to DSM 4.2-3243 or later, and, if you are using DSM 4.0, you should upgrade to DSM 4.0-2259 or later.
If you want to be walked through the process of update, you can contact the technical support of Synology or update your DMS manually. As for the latter, you can update DSM by going to Control Panel and selecting the DSM update option or by downloading the latest version from the Download Center.