Synology® Urges All Users to Take Immediate Action to Protect Data from Ransomware Attack
MILTON KEYNES, United Kingdom — 23 July, 2019 — Synology® recently found that several users were under a ransomware attack, where admins' credentials were stolen by brute-force login attacks, and their data was encrypted as a result. We investigated and found that the causes of these attacks were due to dictionary attacks instead of specific system vulnerabilities. This large-scale attack was targeted at various NAS models from different vendors; therefore we strongly recommend users check network and account settings to protect data from ransomware.
"We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP," said Ken Lee, Manager of Security Incident Response Team at Synology Inc. "After collecting admin account passwords with brute-force attacks, the attack was launched on July 19 and caught users off guard. We therefore informed TWCERT/CC and CERT/CC immediately of this matter in hopes of accelerating the collaborative efforts to resolve this incident."
Since this attack is not related to system security vulnerabilities, it is recommended that Synology users utilize built-in network and account management settings to enhance system security level, preventing malicious attacks from the Internet.
"We urge all Synology users to take immediate action to protect their NAS from the ransomware attack," said Hewitt Lee, Director of Product Management at Synology Inc. "Users' data security is always our priority. For those who are not using Synology NAS, we still recommend you take corresponding actions to protect your precious data."
Please make sure you go through the checklist below:
- Use a complex and strong password, and Apply password strength rules to all users.
- Create a new account in administrator group and disable the system default "admin" account.
- Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
- Run Security Advisor to make sure there is no weak password in the system.
To ensure the security of your Synology NAS, we strongly recommend you enable Firewall in Control Panel and only allow public ports for services when necessary, and enable 2-step verification to prevent unauthorized login attempts. You may also want to enable Snapshot to keep your NAS immune to encryption-based ransomware. To learn more about ransomware attacks, please visit https://www.synology.com/solution/ransomware
More resources available:
Synology at a glance
Staying at the forefront of data management, Synology innovates and adapts to ever-evolving technologies, and continues bringing new possibilities to the table, including but not limited to solutions for data storage and backup, file collaboration, video management, and network infrastructure – all designed with one goal in mind – presenting a centralized platform to simplify IT administration while driving digital transformation for businesses worldwide.