Known security issues · NAS server · Secure your NAS

Affected by Synolocker? Follow this steps…

Synology users running the old versions of the DSM has been affected by attackers who hack into their synology, encrypt the files and then replace the DSM with a page asking for 0.6 bitcons ($350) as a ransom money for the password to unprotect the files.

Affected users may encounter the following symptoms:

  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • Abnormally high CPU usage or a running process called “synosync” (which can be checked atMain Menu > Resource Monitor).
  • DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.

synolocker"

If you are affected, shut down your NAS immediatly and contact synology.

Synology is still working on this issue and investigating if the DSM 5.0 is also affected, but some users have been able to unlock their files by following these steps:

NOTE: I can not guarantee that this method will work for everybody. Some users have had success with it and none has reported problems so it should be safe, still, follow the steps at your own risk. (Review comments section for feedback).

1. Shut down the NAS
2. Remove all the hard drives from the NAS
3. Find a spare hard drive that you will not mind wiping and insert it into the NAS
4. Use Synology Assistant to find the NAS and install the latest DSM onto this spare hard drive (use the latest DSM_file.pat from Synology)
5. When the DSM is fully running on this spare hard drive, shut down the NAS from the web management console.
6. Remove the spare drive and insert ALL your original drives.
7. Power up the NAS and wait patiently. If all goes well after about a minute you will hear a long beep and the NAS will come online.
8. Use Synology Assistant to find the NAS. It should now be visible with the status “migratable”.
9. From Synology Assistant choose to install DSM to the NAS, use the same file you used in step 4 and specify the same name and IP address as it was before the crash.
10. Because the NAS is recognized as “migratable”, the DSM installation will NOT wipe out the data on either the system partition nor the data partition.
11. After a few minutes, the installation will finish and you will be able to log in to your NAS with your original credentials.

(Thanks to Mike for sharing this)

To increase the security of your NAS:

  1. Make sure you install ALL new updates from Synology. If you have not encountered the above symptoms, Synology strongly recommends downloading and installing DSM 5.0, or any version below:
  • DSM 4.3-3827 or later
  • DSM 4.2-3243 or later
  • DSM 4.0-2259 or later
  • DSM 3.x or earlier is not affected
  1. Block unauthorized people to access your NAS
  2. Change your SQL database password (if you are using one)
  3. Enable 2-step authentication for your admin password.

11 thoughts on “Affected by Synolocker? Follow this steps…

  1. Hi all…
    I did exactly like described and lost all data… after installation NAS status was on migratable and after DSM installation data were deleted expect 10 photos…
    crazy to present such a solution here. I am really pissed (first lack at Synology, then files ecrypted and now files lost).
    Cheers, Eddie

    Like

  2. sorry guys… I have to correct: once all these steps finalized I had to grant access to the folders (the old ones) and then they are visible and all is back.
    I am still pis…. but more from this stupid hackers which I do not understand, and will never understand. How they can attack files (private fotos, videos etc.) anyway… good luck to all the victims🙂

    Like

  3. Hi, my has was also infected. I reinstalled via the steps mentioned above successfully. But I’m now at a point I’m wondering which files are encrypted? Can anyone tell how to find out? I have thousands of photo’s and don’t want to check all of them.
    I do have a remote backup, what will happen when I’m making another backup? Will encrypted files on my source overwrite good files on my backup when making a new backup?
    Not sure what steps I should make right now.
    Thanks in advance!
    Rene

    Like

  4. Worked for me! Unfortunately the encrypted files are still encrypted, but at least I’m able to access all other data (which includes almost my entire video and music collection), so thanks for the tip!

    Like

  5. I don’t have a spare HD so before buying one to try out these recovery steps, do you think installing the DSM on a USB HD (connected to the NAS) is possible?

    Thanks in advance!
    Thomas

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s