Siduction Forum

Siduction Forum => Hardware - Support => Topic started by: GoinEasy9 on 2014/04/19, 04:07:04

Title: Synology NAS - FYI
Post by: GoinEasy9 on 2014/04/19, 04:07:04

I know some of you on the forum have a Synology NAS like I do. So, BEWARE.  There's danger in the DSM update. 

I noticed that DSM 5.0 came out in March, but when I clicked on DSM update inside the Control Panel, it told me I was up to date.  Synology Support told me to try changing DNS, which didn't help, then they told me to just manually update.  Ok, so I manually updated to 5.0 and I'm left with a blinking blue power button.

Ok, so, stuff happens.  The machine has been running 24/7 since I bought it, and I've had absolutely no problems.  So, I wrote an email back to Synology Support and while waiting for a response, I decided to look around. 

It seems a vulnerability seeped in to the software:
  http://www.synology.com/en-us/company/news/article/437


Then I found a thread on their user forum 5 pages long:
  http://forum.synology.com/enu/viewtopic.php?f=108&t=82141
The first post now contains a solution, which involves shutting the machine down, taking out the HD's, inserting a spare HD, etc.etc.etc.


I found this thread interesting, re: the malware:
http://forum.synology.com/enu/viewtopic.php?f=108&t=82141&start=60


Anyway, I figured I'd pass it on.  It would have been nice if Synology Support would have warned me.  It's not like I'm not registered or don't follow them on social media.  It's not like I didn't ask Support first, and, was told to proceed without any warning.


So, I'll probably pull the disks and follow Solution 1, just as soon as I confirm the safest way to shut down the machine.  Pushing the power button, paperclip on the reset button, or, pulling the powercord.  So much data could be lost (silent scream).


/end:warning/rant

Title: Re: Synology NAS - FYI
Post by: GoinEasy9 on 2014/08/05, 21:43:02

A new problem to BEWARE of.  There is a Syno Locker encryption being put on the files on the NAS and it's asking for 0.6 bitcoin to sell you the encryption key.  At this point, there is no answer as to how the malware gets on the NAS, so, for safety sake I've shut mine down, while waiting to hear from Synology (I'm not holding my breath).

Here's a link to read about it:
http://www.cso.com.au/article/551527/synolocker_demands_0_6_bitcoin_decrypt_synology_nas_devices/

Edit: another link from zdnet:
http://www.zdnet.com/ransomware-attacks-synology-nas-devices-7000032335/

I'm updated to DSM 5.0, and, so far, most of the reports are from those still using DSM 4.3.  DSM 4.3 is where the bitcoin miner malware was discovered. 

Title: Re: Synology NAS - FYI
Post by: bluelupo on 2014/08/05, 22:01:01

Thanks GoingEasy9 for the important infomation about the vulnerability of SYNOLOGY NAS devices.