Synolocker exploits vulnerability in Synology servers
Both businesses and home users now utilize server technology, it's a great way to backup files and keep things safe. But, perhaps it isn't quite as secure as many unsuspecting customers had thought. Synology, one of the leaders in the market, is now dealing with a Crytolocker-like threat, this one aptly name "Synolocker".
Much like its namesake, the software is ransomware, prepared to extort money from unsuspecting NAS customers. While this sounds like doom and gloom, it's actually only compatible with older versions of DiskStation Manager.
Synology is aware of the issue, and has already issued a fix, but some customers have apparently not updated. The company issued a statement, calling it "two vulnerabilities that were fixed in November and December 2013", further stating "at that time, Synology released security updates and notified users to update via various channels".
AVG looked into the problem and also issued a statement -- "victims are asked to pay approx. USD$350 in Bitcoin to obtain a decryption key via a TOR Hidden service website -- allowing the criminals to remain undetected by law enforcement agencies. This is the same payment method we have previously witnessed with the PC Malware called Cryptolocker that appeared late in 2013".
Synology has issued a series of steps to get affected users back on track, but the best solution is to download the latest version of the software and avoid all issues before they arise, not to mention the $350 extortion that comes along with it.