Blog

We are passionate about the work we do, which is why we regularly research and update our blog with original content to keep you updated with industry news.

Synology Exploit Thwarted

Date Thursday, 07 August 2014 , By: Marc Whittingham , In: Technical

We were recently made aware of a vulnerability in certain versions of the Synology operating system (DSM) which lies behind all Synology NAS devices.

This only applies to those devices that have public facing services such as WebDAV with access from external public networks (such as the internet).

This exploit allows attackers to upload malicious content onto vulnerable devices, encrypt all data contained therein and prevent access to this data unless a substantial fee is paid.

We have witnessed this exploit mid-way though implementation and have successfully prevented the exploit from coming to fruition. Following the detection of the vulnerability having been exploited we connected to the device and closed external access to the device. As per the recommendations from Synology we then conducted a full reinstall of the operating system on the device and patched it to the latest version. This then required re-implementation of all the settings and user accounts etc on the device.

Synology's most recent update on this matter is as follows:

"We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.

Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.

For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shut down their system and contact our technical support team here: https://myds.synology.com/support/support_form.php.

-When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.

-A process called “synosync” is running in Resource Monitor.

-DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:

-For DSM 4.3, please install DSM 4.3-3827 or later

-For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later

-For DSM 4.0, please install DSM 4.0-2259 or later.

DSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.

If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

Apologies for any problems or inconvenience caused. We will keep you updated with latest information as we address this issue."

If you have a Synology device with public facing services, the advice is to turn off the device and seek professional assistance. If this is the case please call us on 01722 744574 and we will do everything we can to assist.

Marc Whittingham

By: Marc Whittingham

Marc joined Blue Frontier in 2007 and was welcomed to the board of directors in 2016. With industry experience dating back to 2003, he heads up the technical support team with a strong focus on service. As our lead networking and virtualisation engineer, Marc provides the invaluable link between clients and technicians. His incredible versatility is evidenced by his further roles as: Information Security Manager, Data Protection Officer and Quality Assurance Manager.