Network-attached storage (NAS) device manufacturer Synology is reporting that a new form of malware is spreading to some of its customers. Dubbed the SynoLocker cryptoware, the malware encrypts data on the network peripheral, and the perpetrators are demanding 0.6 bitcoin ($350) for the key needed to retrieve the files.
Not much has been made public yet. DSM 4.3 devices are known to be vulnerable, and Synology is testing whether the newer DSM 5.0 is subject to the attack as well. It is not known if Synology was aware of the flaw before devices became encrypted as a result of the attack.
Synology is recommending that users disconnect the NAS from the Internet and upgrade their systems to the latest version. Additionally, users are being told to back up crucial data in case the NAS is infected in the future.
A list of vulnerable systems and/or affected operating systems is being compiled by Synology for release tonight. It is unlikely that the perpetrators left a “back door” for file decryption, so users who do not pay the ransom may have lost the encrypted data.