Synology, a Taiwan-based storage vendor, has notified users that several network attached storage devices (NAS) were encrypted by ransomware. NAS units are used to store terabytes of data by both home and small-business users. Attackers recently obtained Synology device admin credentials via brute-force attacks where massive volumes of possible passwords are thrown at a system until one sticks. The attacks appear to have started on July 19, 2019. According to Ken Lee, manager of Synology’s security incident response team, the hackers used botnet addresses to block their source IP. QNAP is also warning users of similar attacks.
According to Synology, users are strongly recommended to take the following steps:
Create a new account in administrator group and disable the system default “admin” account.
Use a complex and strong password, and apply password strength rules to all users.
Enable 2-step verification to add an extra security layer to your account.
Enable Auto Block in Control Panel Run Security Advisor to make sure there is no weak password in the system.
Enable Firewall in Control Panel, and only allow public ports for services that are necessary.
Synology DSM also has a Snapshot feature that will make the NAS immune to encryption-based ransomware.
Photo by Christiaan Colen