[Utilizer]

If you have an internet-accesible NAS made by synology you are cautioned to take it offline for a bit. A new version of the Cryptolocker virus is appearing as a 0-day exploit and the company is scrambling to fix the vulnerability.

Only this company hit so far but other NAS owners might wish to take a look at the article and consider taking their units offline for a bit as well until this new exploit is delved further into.

[driftdiver]

Cryptolocker stores the key they used to encrypted the drive on the workstation in a clear text file.

[Utilizer]

*ping* FYI.

[ShadowAce]

[Billthedrill]

Neal Stephenson did something like this in Reamde. BTT

[LevinFan]

Why are these maggots not shot when caught? For them to get paid, there has to be a trail leading to them. Maybe hidden by uncooperative countries and businesses, but their participation needs addressed too.

[rarestia]

FYI to anyone who might be affected, there's a somewhat palatable "workaround" to prevent this from completely consuming your data:

Synology disk HACKED (Synolock)

If you remove your disks from the NAS, boot to an empty/clean single disk, install DSM to that disk, shutdown, and replace the old disks, it can update the firmware without corrupting your personal data.

That being said, it appears the Synolocker loads into a local Linux module, sits in memory, and blocks access to the admin page. If you get the message on your admin page, you shutdown the NAS and your data might be safe. It appears that accessing the data via UNC despite the admin page message proves the data is not immediately affected.

[Utilizer]

Well, duty calls. I have to start getting some equipment and discs, recovery software, and a rescue laptop and go try to help someone running a Vista OS that seems barely responsive -relatively speaking, of course.

I’ll check back in this evening to see what other info pops up.

Cheers!