[kwlug-disc] Synology, and proprietary disk formats ...

Thu Aug 7 16:34:25 EDT 2014

Got an email today from Synology regarding the SynoLocker thingy:
Dear Synology users,We would like to inform you that a ransomware called "SynoLocker" is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users’ files, and demands a fee to regain access to the encrypted files.We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.Affected users may encounter the following symptoms:When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.Abnormally high CPU usage or a running process called “synosync” (which can be checked atMain Menu > Resource Monitor).DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: https://myds.synology.com/support/support_form.phpIf you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:DSM 4.3-3827 or laterDSM 4.2-3243 or laterDSM 4.0-2259 or laterDSM 3.x or earlier is not affectedYou can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at security at synology.com.We sincerely apologize for any problems or inconvenience this issue has caused our users. We’ll keep you updated with the latest information as we continue to address this issue.Thank you for your continued patience and support.Sincerely, Synology Development Team 
> Date: Tue, 5 Aug 2014 22:27:01 -0400
> From: chris at chrisirwin.ca
> To: kwlug-disc at kwlug.org
> Subject: Re: [kwlug-disc] Synology, and proprietary disk formats ...
> 
> On 08/05/2014 07:29 PM, Khalid Baheyeldin wrote:
> > The news was out about a Synology ransom ware exploit.
> >
> > http://soylentnews.org/article.pl?sid=14/08/05/1250223
> >
> > But what caught my eye is this comment about the disk formats being 
> > proprietary and unreadable on a Linux system
> >
> > http://soylentnews.org/comments.pl?sid=3232&cid=77644
> >
> > Hostage but for another reason ...
> >
> > Posting this for those who use Synology in this group ...
> 
> I've got a Synology 207+. It's a few models out of date (it's from 
> 2007), but I've pulled the drives out and used them in my Linux boxes 
> without issue. Was a standard ext3 filesystem, though it wasn't 
> auto-detected like most removable drives. Manually mounting it with `-t 
> ext3` worked correctly. Their new models might be different.
> 
> A coworker has a much more capable five-bay x86 netgear box (the model 
> escapes me), which actually runs some combination of lvm and mdadm on a 
> stripped-down debian-ish base. It gets very confusing very fast when you 
> start replacing disks and letting it's dynamic growth mechanism do the 
> work (multiple raid5 slices on each disk, pooled together into a big 
> lvm, divided into smaller shared filesystems). But again, readable on a 
> standard Linux box (assuming you can connect at least four of five 
> drives and can manually construct an mdadm array).
> 
> 
> -- 
> Chris Irwin
> e: <chris at chrisirwin.ca>
> w: http://chrisirwin.ca
> 
> 
> 
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140807/cf03d8e0/attachment.htm>