Only this company hit so far but other NAS owners might wish to take a look at the article and consider taking their units offline for a bit as well until this new exploit is delved further into.
Cryptolocker stores the key they used to encrypt the drive on the workstation in a clear text file.
*ping* FYI.
Why are these maggots not shot when caught? For them to get paid, there has to be a trail leading to them. Maybe hidden by uncooperative countries and businesses, but their participation needs addressed too.
Synology disk HACKED (Synolock)
If you remove your disks from the NAS, boot to an empty/clean single disk, install DSM to that disk, shut down, and replace the old disks, it can update the firmware without corrupting your personal data.
That being said, it appears the Synolocker loads into a local Linux module, sits in memory, and blocks access to the admin page. If you get the message on your admin page, you shut down the NAS and your data might be safe. It appears that accessing the data via UNC despite the admin page message proves the data is not immediately affected.
Well, duty calls. I have to start getting some equipment and discs, recovery software, and a rescue laptop and go try to help someone running a Vista OS that seems barely responsive - relatively speaking, of course.
I’ll check back in this evening to see what other info pops up.
Cheers!