Synology NAS Devices Attacked by Synolocker Ransomware

What Is SynoLocker and How Does It Work?

SynoLocker is file-encrypting ransomware that targets Synology NAS (network-attached storage) devices. It exploits vulnerabilities in the DSM operating system and reaches the devices over the Internet, targeting earlier versions such as DSM 4.3-3810.

Synology is a Taiwanese manufacturer of storage devices, which allow the user to access his files from the local network or over the Internet.

As soon as the device is compromised, a ransom message is displayed on the administrative screen. It informs the user that the files on the device have been encrypted and that a fee of about $350 is required for their decryption.


The user is assigned a personal identification code for the SynoLocker payment system, which is located on a website accessible only over the TOR network. Once the user enters the code, he is presented with instructions for paying the ransom and retrieving the encrypted data. The user gets the private key needed to decrypt the files when he pays the required sum.

The decrypted files are usually stored in the /etc/synolocker folder on the device.

SynoLocker has a few things in common with another piece of ransomware that has been quite popular lately, CryptoLocker.

  • Both use Bitcoin as a payment method
  • Both use the same encryption algorithm

The crooks behind SynoLocker have put a lot of effort into the way they have constructed the decryption website. There are no grammatical errors to be seen and, oddly enough, the hackers provide their victims with customer support, where users can get assistance with the ransom payment and the file decryption.

What to Do in Case Your Device Has Been Infected with SynoLocker?

Users whose devices are compromised by the SynoLocker ransomware are advised to:

  • Disconnect the device from the Internet as soon as possible
  • Contact Synology customer support
  • Update their DNS

To minimize the risk of potential infection, users should upgrade to the latest DSM version on their devices. They also should not forget that the best way to recover their data in case of ransomware infection is to keep an offline backup of their files.
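
A quick triage check for the two points above (the `/etc/synolocker` folder and an outdated DSM build), as an added example that is not from the article or from Synology. It assumes DSM keeps its version in `/etc.defaults/VERSION` as `key="value"` lines; the function names and the `FLAG_BUILD` cut-off are hypothetical and should be adjusted to Synology's current advisory.

```shell
#!/bin/sh
# Added example, not Synology's tooling. Assumptions: DSM stores its version in
# /etc.defaults/VERSION as key="value" lines; FLAG_BUILD (default: the build
# named in the article) is a cut-off to adjust to Synology's current advisory.
FLAG_BUILD=${FLAG_BUILD:-3810}

# Print the value of one key from a VERSION-style file.
dsm_version_field() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tr -d '"\r' | head -n 1
}

# synolocker_triage [ROOT]
# ROOT is the filesystem root to inspect (default /; a mounted disk copy works).
# Return codes: 0 ok, 1 outdated DSM build, 2 SynoLocker folder present,
# 3 DSM version could not be read.
synolocker_triage() {
    root=${1:-/}
    root=${root%/}
    # The folder named in the article is checked first: it outranks versioning.
    if [ -e "$root/etc/synolocker" ]; then
        echo "INFECTED: $root/etc/synolocker exists; disconnect the device from the Internet"
        return 2
    fi
    vfile="$root/etc.defaults/VERSION"
    major=$(dsm_version_field "$vfile" majorversion)
    minor=$(dsm_version_field "$vfile" minorversion)
    build=$(dsm_version_field "$vfile" buildnumber)
    # Refuse to guess when the build number is missing or not numeric.
    case $build in
        ''|*[!0-9]*)
            echo "UNKNOWN: no numeric buildnumber in $vfile"
            return 3 ;;
    esac
    if [ "$build" -le "$FLAG_BUILD" ]; then
        echo "OUTDATED: DSM $major.$minor-$build; upgrade to the latest DSM version"
        return 1
    fi
    echo "OK: DSM $major.$minor-$build, no SynoLocker folder found"
    return 0
}
```

Source the file and run `synolocker_triage` on the NAS over SSH, or pass the mount point of a disk copy as the argument.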


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when a piece of malware locked her out of her own computer.
