Synology NAS Devices Are Becoming a Frequent Target for Ransomware Crooks

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,871
Points
113
Synology is telling owners of its network attached storage (NAS) devices to ensure they're protected with a strong password. There have been increasing incidents of hackers brute-forcing their way into them with dictionary attacks and encrypting the drives with ransomware.

Users on the official Synology forum say the crooks want 0.06 BTC (around $570) for their data to be decrypted. The good news is that these attacks can be easily prevented with not only a complex password, but the "auto lock" feature in DiskStation Manager, which locks down an account with too many failed login attempts.

"We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP," said Ken Lee, manager of Synology's security incident response team.
 
I own a Synology - I've not had any issues with it and overall I'm very happy with it.

I went and checked on mine though - it does have a "password strength" bar when you look at your user account. So there's that feature, for what it's worth.

Also "Auto Block" was enabled on mine - I don't remember ever setting it, so it's either on by default or been turned on via a recent update.

If they are getting in on DSM, you would also have to have your machine exposed on port 5000 as well. And the specific flaw was patched as of Sept 2013... so not only have a simple password, and default security options overridden, and your admin panel exposed publicly, but also not run any updates in many, many years.
 
Last edited:
I'd kind of like to know how these users have these boxes set up that the admin access is accessible from the WAN...

My backup box is on a public IP address.

I have configured it to drop pings, have port scanned it to make sure everything except one SSH port is closed (which is how I access it) and that SSH port is in a non-standard port range in the very high numbers. Furthermore, you can't log in to the box with a username and password. It requires the correct RSA keypair...

Do people really just open ports nilly willy and hope for the best? :rolleyes:
 
If they are getting in on DSM, you would also have to have your machine exposed on port 5000 as well. And the specific flaw was patched as of Sept 2013... so not only have your admin panel exposed publicly, but also not run any updates in many, many years.

There are multiple issues. The 2014 flaw has long since been patched. The way I am reading this article is that it is different from that 2014 flaw, that they are now brute forcing passwords instead.
 
Do people really just open ports nilly willy and hope for the best?

I imagine a lot of people just DMZ them so all the services work, rather than taking the time to just expose what they need, or heaven forbid, lock anything behind tunneled encryption.
 
Love my Synologies.

No issues if you set them up properly and keep them updated.
 
Ours also blocks IP addresses with too many failed login attempts.
 
If you don't need to access them outside of your home, can't you just block all remote access outside of your network?
 
It's not like Ubuntu Server where the default firewall just blocks everything? Huh, that's kind of lame

I guess I misspoke. You're right, most firewalls/routers block all outside initiated traffic unless specified by an access rule of some sort.
 
It's a reality more companies have to face, and it will not change fast. The hackers are getting better and better day by day. It's also not a bright idea to go and get Synology without considering all the advantages and disadvantages of it compared to QNAP. I was reading a comprehensive review a few days ago on prizedreviews.com, and apparently, Synology is a softcore system with limited resources and abilities. I also needed a NAS network for work, and I went with qnap for the efficiency it provides.
 
Last edited:
Become a Patron!
Back
Top