19 Comments
thedeepfriedboot - Monday, August 4, 2014 - link
No sign of it on my station running DSM5, but I did a remote shutdown until I can get home this evening, check for security issues, and lock down my firewall.
JarredWalton - Monday, August 4, 2014 - link
My dad got the Cryptowall ransomware virus a couple months back, which wanted something like $2000 in BTC if you didn't pay within the first week after getting infected. I'm not sure if he ever paid, but he didn't have a backup solution in place so basically he's SOL. Nasty business!
ebruddah - Monday, August 4, 2014 - link
Does anyone know if you can run updates on the fly without service interruption?
FordGuy - Monday, August 4, 2014 - link
Updates will interrupt service (at least on my DS414...).
The update from DSM4 to DSM5 required a reboot, as did applying the DSM5 updates.
Updating individual packages (VPN, etc) did not require a server reboot. However, the individual process must be stopped and restarted.
Beany2013 - Tuesday, August 5, 2014 - link
Depends on your definition of 'interruption'. If it's a home server that's used for streaming music and video to your laptop etc, then it's a couple of minutes to do a minor patch (i.e. 4.3.x to 4.3.y). For a major version, it's a bit longer, but it's not huge - I don't recall leaving my device overnight or owt, think it was less than an hour. A quick YouTube search suggests about ten to twenty minutes.
If it's in use at work, is an email server etc, you'll want to schedule some downtime, but we're talking less than an hour. Remember, this is a custom stripped and rebuilt Linux distro, not a full on desktop system, and certainly not a Windows Service Pack or in-place upgrade. And everything will be working again as soon as it reboots.
HTH
Steven R
shank15217 - Monday, August 4, 2014 - link
Let's put files on the cloud some more..
Impulses - Tuesday, August 5, 2014 - link
Umm, this has little to do with the cloud? It's about malware infecting home NAS boxes and asking a ransom for your data, those boxes usually have net access for a variety of reasons other than cloud sync (remote access etc). In fact I'd dare say a cloud service is possibly less vulnerable to this sorta thing than a Synology NAS, or at least I hope that's the case. Either way, relying on any one solution is folly.
KamikaZeeFu - Tuesday, August 5, 2014 - link
If you needed a reason to store your data in more than 1 physical location then this is as good as it gets.
Beany2013 - Tuesday, August 5, 2014 - link
If you need a reason to run multiple backups (three disks, rotate the disk each day), obfuscated ports, running only essential services, this is also as good as it gets!
Bob Todd - Tuesday, August 5, 2014 - link
How aggressively does DSM update itself? Were any SKUs left at 4.3 and never updated to 5.0? Assuming the current 5.x code base doesn't suffer the same vulnerability, I'm just curious to know the possible footprint for the impact. It's software and software has bugs, but if the numbers are manageable they are better off being exceedingly generous to affected customers. "Sorry for the gadget rage your 2 bay Synology getting hacked has caused, while you are updating DSM and wiping your system to start over, we're shipping you a bonus 4 bay NAS on us. Tell your wife we are sorry about the wedding photos."
icrf - Tuesday, August 5, 2014 - link
Synology is kind of Nvidia-like when it comes to updates. They have one code base ported to support pretty much everything they've released. The DS411j I bought for my parents 3-4 years ago is updated to DSM 5.0, and receives updates every month or so. That's one of the main reasons I picked Synology over any of the other NAS options. It sounded like it would be supported much longer. It may have made a larger attack target with such homogeneous software, though.
The update to 5.0 seems to be more aggressive about updates, too. It sends me an email every time one is available and a few times a week until I install it. I don't remember 4.3 doing that.
Bob Todd - Tuesday, August 5, 2014 - link
Thanks! I figured it was probably like most NAS software that harassed you via email about updates but didn't apply them automatically. Understandable for large updates like 4.x to 5.x that could potentially bork the system for a small number of users and drive contact rates for support. It would be nice if they at least had the ability to flag security critical updates and have the NAS self-update (i.e. from 4.3.0 -> 4.3.1 with a patch to the old release branch).
Beany2013 - Tuesday, August 5, 2014 - link
I read somewhere that automatically installed updates are coming in a future release - I can't find an explicit option in the current latest version to have it, say, automatically install the latest patch at 2pm on a Wednesday or anything - but it can currently automatically download updates in DSM 5 (can't remember if that's its default state).
brucek2 - Tuesday, August 5, 2014 - link
If we have to have a super expensive and super invasive NSA world-wide spying apparatus, could they at least please take a few seconds out from their normal business to locate these jerks, recover all the encryption keys, then send out a couple drones? Thanks!
sneaky999 - Tuesday, August 5, 2014 - link
Haha loved that comment. However that would mean that said government institutions revealed their capabilities to the public by actually using them to help the public... Not going to happen any day soon I reckon
CBauer00010010 - Tuesday, August 5, 2014 - link
Does anyone know if paying the ransom works? I have paper copies of all my files but the time it would take to rescan them would cost my company thousands.
imaheadcase - Tuesday, August 5, 2014 - link
Not always. People have reported paying, only to get it locked back again. Why wouldn't they if they know you are willing to pay in the first place?
I personally would not care, I have everything backed up. I would simply disconnect from internet, format nas, and copy everything back. Only THEN would I pay, but not them, some hacker for revenge. I would pay more than they wanted, just to see them suffer. Oh not the simple suffering, I would make them suffer real pain in the real world.
josephPHPagoda - Tuesday, August 5, 2014 - link
Don't pay. These kinds of things continue to happen because people create incentive to do so. There is no promise it will work, and you are funding this sort of behavior if you pay. My recommendation is to deal with the pain knowing that at least you aren't giving criminals funding to continue this sort of behavior. To mitigate this sort of risk, make sure you have proper backups in the future. I had a friend get hit with something similar to this, but since he had backups, it took a simple copy/paste and he was back up and running with nothing lost (just 5 minutes or so).
Beany2013 - Tuesday, August 5, 2014 - link
Reports from the Syno forums are that it does work (they even provide you with full instructions on how to do it over SSH) but three portable HDDs to back up to, with the disk changing every day, would be cheaper and more efficient overall - and if you notice on Thursday that all your data is encrypted, you can go back to Wednesday's backup and recover from that.
It's cheaper than rescanning and better than paying the scumsucking little bastards who came up with this (as others have noted, correctly)