Protecting your Synology NAS from SynoLocker

Chris Wahl · Posted on

Just a quick public service announcement. Unless you’ve been under a rock, you’ve heard about a group called SynoLocker that has been exploiting folks for cash by maliciously encrypting data on Synology NAS boxes. Here is the official news page from Synology on it. I happen to run 3 Synology boxes in my lab for vSphere and file storage, so a number of folks have reached out to me with a heads up. And I appreciate that. 🙂

The apparent root cause in the cases I’ve read was the lack of proper patching and putting the management interface onto a network that faces the Internet. These two actions seem quite risky to me. For those using a Synology NAS for lab storage running virtual machines, there’s no reason to put a management interface on the web. Would you put the management interface for your NetApp FAS or EMC VNX array on the Internet? Of course not!

As for patching, DSM 5.x offers a suite of improvements and has been out long enough that it’s definitely ready for prime time. Even my 2011 model NAS boxes from Synology have the ability to run DSM 5.x. And for those using your NAS for non-virtual machine storage, DSM 5 even offers the ability to auto patch.

[symple_box color=”gray” fade_in=”false” float=”center” text_align=”left” width=””]TL;DR – Patch your gear, and don’t expose it directly to the Internet.[/symple_box]

More Details

Per Synology’s news release:

synology-synolocker

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shutdown their system and contact our technical support team here: https://myds.synology.com/support/support_form.php:

When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.

  • A process called “synosync” is running in Resource Monitor.
  • DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:

  • For DSM 4.3, please install DSM 4.3-3827 or later
  • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
  • For DSM 4.0, please install DSM 4.0-2259 or later

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.