What Is SynoLocker and How Does It Work?
SynoLocker is file-encrypting ransomware that targets Synology NAS (Network Attached Storage) devices. It exploits vulnerabilities in the DSM operating system, targeting earlier versions such as DSM 4.3-3810, over the Internet.
Synology is a Taiwanese manufacturer of storage devices that let users access their files from the local network or over the Internet.
As soon as the device is compromised, a ransom message is displayed on the administrative screen. It informs the user that the files on the device have been encrypted and that a fee of about $350 is required for their decryption.
The user is assigned a personal identification code for the SynoLocker payment system, which is located on a website accessible only over the Tor network. After entering the code, the user is presented with instructions for paying the ransom and retrieving the encrypted data. The user can obtain the private key, which is needed to decrypt the files, after paying the required sum.
The decrypted files are usually stored in the /etc/synolocker folder on the device.
SynoLocker has a few things in common with another piece of ransomware that has been quite popular lately, CryptoLocker.
- Both use Bitcoin as a payment method
- Both use the same encryption algorithm
The crooks behind SynoLocker have put a lot of effort into the construction of the decryption website. There are no grammatical errors to be seen and, oddly enough, the hackers provide their victims with customer support, where users can get assistance with the ransom payment and the file decryption.
What to Do in Case Your Device Has Been Infected with SynoLocker?
Users whose devices are compromised by the SynoLocker ransomware are advised to:
- Disconnect the device from the Internet as soon as possible
- Contact Synology customer support
- Update their DNS
To minimize the risk of infection, users should upgrade to the latest DSM version on their devices. They should also remember that the best way to recover their data in case of a ransomware infection is to keep an offline backup of their files.