Small businesses using Synology™ NAS (network attached storage) devices are at risk of a new ransomware style attack, further demonstrating the risks of the Internet of Things trend and once again reinforcing the importance of having online backups.

This particular attack calling itself “Synolocker” has taken advantage of vulnerable (and unpatched) Synology storage devices that are exposed to the Internet.  The perpetrators have scanned Internet address space to easily discover the devices (on Port 5000) and have injected code that encrypts files rendering them useless until a ransom is paid.

Victims are asked to pay approx. USD$350 in Bitcoin to obtain a decryption key via a TOR Hidden service website – allowing the criminals to remain undetected by law enforcement agencies.  This is the same payment method we have previously witnessed with the PC Malware called Cryptolocker that appeared late in 2013.

If your business is using a Synology™ NAS, you’re advised to follow the advice provided by the manufacturer here.  Please also consider the risks of exposing any device to an Internet connection unless it is absolutely needed – and at a minimum only expose devices that you’re committed to fully managing and keeping up to date.

Until next time, stay safe out there.

Synolocker