SynoLocker ransomware urges 5500 victims to pay - or their data is gone

The cybercriminals behind the SynoLocker ransomware, which secretly encrypts data on Synology NAS devices, urge their victims to pay soon. The victims only have a couple of days left to exchange some Bitcoins for the decryption key, which will give them their data back.

myce-synolocker-countdown

ADVERTISEMENT

On the website where a decryption key can be 'purchased' for 0.6 Bitcoin ($350 / €260) from the cyber criminals, the criminals have added a countdown timer. Victims should get the decryption key before the countdown timer is at zero, according to  Finnish antivirus company F-Secure.

The SynoLocker developers claim that 5500 keys haven't been purchased by victims of the malware. They also threaten to sell the remaining keys, for which the criminals ask 200 Bitcoin ($103,000 / € 77,000).  Once the countdown timer is at zero, the criminals threaten to remove the website and to delete all databases containing the encryption keys of the victims. Once they've deleted the keys, there is no way to decrypt the data anymore and the data can be considered lost.

It's unclear how the CryptoLocker variant infects Synology NAS devices, it is known that the malware doesn't infect devices running Synology's management software DSM 5.0 and DSM 3.x. Only several versions of DSM 4.x appear to be vulnerable when they aren't updated with a DSM update released in December 2013. Synology has already patched the vulnerability and recommends its users to update their DSM all the time. DSM 5.0 will update itself unless that feature has been turned off.

ADVERTISEMENT

No posts to display