NAS Device Users Need to Beware of Synolocker

If malware has a chance to slither in – it will. Unfortunately, Synolocker does not need much to attack, encrypt personal files and ask you for a ransom, which usually is set to 0.6 BTC ($350). Once infiltrated, this clandestine threat corrupts files and presents a ransom request via a pop-up message. It is notable that this message is represented in English, which suggests that it may be targeted at computer users all over the world. Nevertheless, the demands could be adjusted accordingly to your geographical location, making the attack more personal. Synolocker removal is crucial to your virtual security; however, getting rid of this infection is tremendously difficult. First of all, since the threat encrypts files, its removal is often postponed for an extended period of time. This is not how the infection should be handled.

Even though Synolocker works similarly to Cryptolocker, Cryptorbit, Cryptowall, and other dangerous infections which require immediate removal, this ransomware has one distinctive feature. This threat affects NAS (network attached storage) devices manufactured by Synology and run on Linux OS. The attack of this ransomware may be managed using CVE-2013-4475 and CVE-2013-6987 vulnerabilities, both of which have been patched more than 7 months ago, which is why DSM 5.0 (DiskStation Manager 5.0) should not be affected. The vulnerabilities allow schemers to circumvent file restrictions and access different data. It appears that to encrypt files schemers employ RSA-2048 public key and 256-bit keys. If this happens, you are requested to pay the aforementioned sum using the Bitcoin payment system. Even though it is important to delete Synolocker, you also need to take care of the affected files. If you remove the infection right now, you will not be able to restore the files.

Currently there is no secure way to decrypt files affected by Synolocker. Some computer users choose to pay the requested ransom; however, this is not what we recommend, simply because the payment may be ineffective. The best thing you can do right now is turn off the affected system and immediately contact the Synology support desk. The technicians are working hard to find a way for you to have the affected files restored. Unfortunately, based on the information collected when dealing with other ransomware of this kind, it is unlikely that you will be able to restore them. Due to this, we suggest you delete Synolocker using automatic malware removal software and continuously backup important files so that you would not lose them in the future.