Synology sent a note today saying that they have more information on the SynoLocker vulnerability we reported on earlier. The bottom line seems to be that one should move to newer versions of Synology DSM. It also appears as though DSM 5.0 is not impacted by the SynoLocker ransomware. For users that need validated versions of DSM for their environments, Synology has updated versions which do not have the vulnerability. Certainly something every Synology user should look at.
[toggle_box title=”Synology SynoLocker Update Press release” width=”Width of toggle box”]
Synology® Continues to Encourage Users to Update
Washington, Bellevue—August 5th, 2014—We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.
We are fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.