Synology Urges User Action Against Potential Ransomware Attacks

Today Synology announced that it had found several of its NAS users were under ransomware attack. These attacks saw admins’ credentials stolen brute-force login attacks, and users’ data was encrypted as a result. While Synology made the announcement, the attacks didn’t single them out. Several NAS vendors were targeted so all users should check their systems.

Today Synology announced that it had found several of its NAS users were under ransomware attack. These attacks saw admins’ credentials stolen brute-force login attacks, and users’ data was encrypted as a result. While Synology made the announcement, the attacks didn’t single them out. Several NAS vendors were targeted so all users should check their systems.

Read More – 4 Steps for a Secure NAS

Synology has investigated the event and found that the cause of the attacks were due to dictionary attacks, not specific system vulnerabilities. The attacks appear to have started on July 19, 2019, were organized, and the culprits used botnet addresses to hide their source IP. Synology users are recommended to leverage their built-in network and account management settings to enhance their security.

Synology recommends the following for its users:

• Use a complex and strong password, and Apply password strength rules to all users.
• Create a new account in administrator group and disable the system default “admin” account.
• Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
• Run Security Advisor to make sure there is no weak password in the system.

Synology users are recommended to enable their Firewall and 2-step verifications as well. Synology DSM also has a Snapshot feature that will make the NAS immune to encryption-based ransomware.

Read More – 4 Steps for a Secure NAS

Synology Ransomware

Discuss this story

Sign up for the StorageReview newsletter