July 23rd, 2019 by Adam Armstrong
Synology Urges User Action Against Potential Ransomware Attacks
Today Synology announced that it had found several of its NAS users were under ransomware attack. These attacks saw admins’ credentials stolen through brute-force login attacks, and users’ data was encrypted as a result. While Synology made the announcement, the attacks didn’t single it out. Several NAS vendors were targeted, so all users should check their systems.
Synology has investigated the event and found that the attacks were caused by dictionary attacks, not specific system vulnerabilities. The attacks appear to have started on July 19, 2019, were organized, and the culprits used botnet addresses to hide their source IP. Synology users are recommended to leverage their built-in network and account management settings to enhance their security.
Synology recommends the following for its users:
- Use a complex and strong password, and apply password strength rules to all users.
- Create a new account in the administrator group and disable the system default "admin" account.
- Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
- Run Security Advisor to make sure there is no weak password in the system.
Synology users are recommended to enable their Firewall and 2-step verification as well. Synology DSM also has a Snapshot feature that will make the NAS immune to encryption-based ransomware.
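Because the attackers spread their guesses across botnet addresses, a per-IP rule such as Auto Block is worth pairing with a per-account view of failed logins. The following is an added example, not Synology's code: the log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format (not DSM's own log format):
#   <ISO timestamp> <OK|FAIL> user=<name> ip=<address>
SAMPLE_LOG = "\n".join(
    # One source hammering one account: per-IP blocking catches this.
    [f"2019-07-19T02:00:{s:02d} FAIL user=alice ip=198.51.100.7" for s in range(0, 50, 10)]
    # Botnet-style spread: six sources, one guess each, all against "admin".
    + [f"2019-07-19T02:01:{n * 5:02d} FAIL user=admin ip=203.0.113.{n}" for n in range(1, 7)]
    + ["2019-07-19T02:02:00 OK user=bob ip=192.0.2.44"]
)

def parse(line):
    """Split one event line into (timestamp, result, user, ip)."""
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user.partition("=")[2], ip.partition("=")[2]

def detect(log_text, ip_limit=5, source_limit=5, window=timedelta(minutes=5)):
    """Return (ips_to_block, accounts_under_distributed_guessing).

    Assumes events are in time order; both limits are illustrative values.
    """
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    block, targeted = set(), set()
    for line in filter(str.strip, log_text.splitlines()):
        ts, result, user, ip = parse(line)
        if result != "FAIL":
            continue
        for queue in (by_ip[ip], by_user[user]):
            queue.append((ts, ip))
            while ts - queue[0][0] > window:  # drop events outside the window
                queue.popleft()
        # Auto Block style rule: too many failures from one address.
        if len(by_ip[ip]) >= ip_limit:
            block.add(ip)
        # Complementary rule: one account failing from many distinct addresses.
        if len({src for _, src in by_user[user]}) >= source_limit:
            targeted.add(user)
    return block, targeted

if __name__ == "__main__":
    ips, accounts = detect(SAMPLE_LOG)
    print("block:", sorted(ips))
    print("accounts under distributed guessing:", sorted(accounts))
```

On the sample data the per-IP rule blocks only the single noisy source, while the per-account rule is what surfaces the spread-out guessing against "admin", which is one reason disabling that default account and enabling 2-step verification matter alongside Auto Block.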