Ransomware encrypts data on Synology NAS systems

My Diskstation got hacked last night. When I open the main page on the webserver i get a message that SynoLocker has started encrypting my files and that I have to go to a specific address on Tor network to get the files unlocked. It will cost 0.6 BitCoins. It encrypts file by files. Therefore I started to copy my most important files to another disk while encryption was in progress on other files. After the most important files was copied I turned of my disk.

Synology Forum: http://forum.synology.com/enu/viewtopic.php?f=3&t=88716

Heise: http://www.heise.de/security/meldung/Verschluesselungstrojaner-attackiert-Synology-Speichersysteme-2282625.html

We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers. We are fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect and Synology DDNS service to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.

Synology Press Release: http://www.synology.com/en-us/company/news/article/470

Heise: http://www.heise.de/security/meldung/Jetzt-updaten-Aeltere-Synology-NAS-Geraete-anfaellig-fuer-Ransomware-2287427.html