Synology users running old versions of DSM have been affected by attackers who hack into their Synology NAS, encrypt the files and then replace the DSM with a page asking for 0.6 bitcoins ($350) as ransom for the password to unprotect the files.
Affected users may encounter the following symptoms:
- When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
- Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).
- DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.
If you are affected, shut down your NAS immediately and contact Synology.
Synology is still working on this issue and investigating whether DSM 5.0 is also affected, but some users have been able to unlock their files by following these steps:
NOTE: I cannot guarantee that this method will work for everybody. Some users have had success with it and none has reported problems, so it should be safe; still, follow the steps at your own risk. (Review the comments section for feedback.)
1. Shut down the NAS
2. Remove all the hard drives from the NAS
3. Find a spare hard drive that you will not mind wiping and insert it into the NAS
4. Use Synology Assistant to find the NAS and install the latest DSM onto this spare hard drive (use the latest DSM_file.pat from Synology)
5. When the DSM is fully running on this spare hard drive, shut down the NAS from the web management console.
6. Remove the spare drive and insert ALL your original drives.
7. Power up the NAS and wait patiently. If all goes well after about a minute you will hear a long beep and the NAS will come online.
8. Use Synology Assistant to find the NAS. It should now be visible with the status “migratable”.
9. From Synology Assistant choose to install DSM to the NAS, use the same file you used in step 4 and specify the same name and IP address that the NAS had before the crash.
10. Because the NAS is recognized as “migratable”, the DSM installation will NOT wipe out the data on either the system partition or the data partition.
11. After a few minutes, the installation will finish and you will be able to log in to your NAS with your original credentials.
To increase the security of your NAS:
- Make sure you install ALL new updates from Synology. If you have not encountered the above symptoms, Synology strongly recommends downloading and installing DSM 5.0, or any version below:
  - DSM 4.3-3827 or later
  - DSM 4.2-3243 or later
  - DSM 4.0-2259 or later
  - DSM 3.x or earlier is not affected
- Block unauthorized people from accessing your NAS
- Change your SQL database password (if you are using one)
- Enable 2-step authentication for your admin password.
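
The build numbers from the symptom list and the update list above can be turned into a quick check over an inventory of NAS units. This is an added example, not code from Synology or from the original post; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Build thresholds per DSM branch, copied from the lists on this page.
AFFECTED_MAX = {(4, 3): 3810, (4, 2): 3236, (4, 1): 2851, (4, 0): 2257}
# The page lists no fixed build for the 4.1 branch, so it has no entry here.
FIXED_MIN = {(4, 3): 3827, (4, 2): 3243, (4, 0): 2259}

def classify(version):
    """Map a string such as 'DSM 4.3-3810' to a status label (labels are made up here)."""
    m = re.search(r"(\d+)\.(\d+)-(\d+)", version)
    if not m:
        raise ValueError("unrecognised DSM version: %r" % version)
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if major <= 3:
        return "not-affected"             # "DSM 3.x or earlier is not affected"
    if branch == (5, 0):
        return "recommended-unconfirmed"  # recommended, but still being investigated
    if branch in AFFECTED_MAX and build <= AFFECTED_MAX[branch]:
        return "affected"
    if branch in FIXED_MIN and build >= FIXED_MIN[branch]:
        return "fixed"
    return "unlisted"                     # the page says nothing about this build

def triage(version, process_names):
    """Combine the version check with the 'synosync' process symptom."""
    status = classify(version)
    findings = []
    if status == "affected":
        findings.append("install a fixed DSM build")
    if "synosync" in process_names:
        # A running synosync process is a symptom regardless of the version.
        findings.append("synosync running: shut down the NAS and contact Synology")
    return status, findings

if __name__ == "__main__":
    # Constructed sample inventory: (host, DSM version, running process names).
    inventory = [
        ("nas-a", "DSM 4.3-3810", ["httpd", "synosync"]),
        ("nas-b", "DSM 4.3-3827", ["httpd"]),
        ("nas-c", "DSM 4.1-2900", ["httpd"]),
    ]
    for host, version, procs in inventory:
        print(host, *triage(version, procs))
```

Builds that fall between an affected and a fixed threshold, and 4.1 builds above 2851, come back as "unlisted" because the page gives no statement about them.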