Synolocker Corrupts Files on NAS Servers

Article Views: 9430
Comments (0)
Rate this Article:
Category: Badware News

Synolocker is one of the most devious and dangerous infections out there. It mimics the recently reported threats Cryptolocker or Cryptowall; however, this one specifically attacks NSA drivers created by Synology. NAS stands for Network Attached Storage, and those using Synology devices are provided with the file-based data storage services. It is believed that only old versions of the DiskStation Manager are affected by the devious ransomware; however, a lot of DSM users are now trying to remove the infection. Needless to say, the removal of the threat is highly complicated due to the encrypted files. Despite this, it is essential to delete Synolocker from the operating system.

NAS devices are generally used on Linux operating systems. Unfortunately, once Synolocker attacks, there is a risk that the encrypted files will be lost for good. It has been revealed that the infection may use old security vulnerabilities (CVE-2013-4475 and CVE-2013-6987) which have been patched in December of last year. This means that the threat is dangerous to those who have not updated their Synology NAS devices. Note that the latest version of the DiskStation Manager (DSM 5.0) is not believed to be affected by this vulnerability. All in all, Synolocker uses powerful RSA-2048 and 256-bit keys to encrypt files within the system. If you delete the locked files, you will lose them; however, you may have no other option.

Synolocker does not work without a purpose. This infection encrypts the files and then presents a warning suggesting that a ransom fee must be paid. Even though the requested fees may change, the most common payment is 0.6 BTC (~$350). If you have not removed the corrupted files already, you may think that you need to install a Tor Browser, enter a specific identification code, and then pay the requested ransom using the Bitcoin system. Needless to say, this will not remove Synolocker. In fact, there are no guarantees that the corrupted files will be decrypted either. This is a devious trap which has already been used to scam hundreds if not thousands of computer users worldwide.

The officials of Synology suggest their customers to shut down the affected systems and contact the technical support for further assistance. It is possible that you will have the files restored after paying the ransom; however, the fee is extremely high, and you should not rush into anything. We suggest you do contact Synology tech support; however, your ultimate goal is Synolocker removal. Unfortunately, it is likely that files encrypted by the infection are unsalvageable. Whether you find a solution or not, make sure you install authentic malware removal software to delete the monstrous ransomware and ensure protection against other infections.


Your email address will not be published.


Enter the numbers in the box to the right *