This is different from Cryptolocker. Synology uses BusyBox (Linux) as a foundation while all of the NAS configuration is done through a web interface.
These are becoming very popular for people to save their libraries of pictures, documents, home movies, etc. I personally have 2 of them, but I use them solely for iSCSI LUNs mapping to my VMware server. I turned off the Internet-facing components a long while back, as they’re not very useful to me.
Encrypting the contents of these devices would be devastating for someone who uses them for personal memory storage.
I can see why this is a big deal, however, note that the proven affected revision of the DSM software is < DSM 5.0. If you’re keeping your NAS software up to date, you’re relatively safe. Take it off of your home network, out of the DMZ, setup firewalls to ensure it’s insulated from the Internet, and you should be okay. The terrifying part about this is it’s a PUSH operation whereas Cryptolocker was phished.
There are weaknesses to the cloud storage model. I firmly believe in having backups including offsite backups. Offsite meaning geographical as well as not mapped so these types of hacks can find them.
This is beginning to sound more serious.
I actually had not had any experience with the Synology products, but some of the machines I work with do have some NAS devices attached so this I thought might bear some looking into.
Think I’ll start doing some checking when I go out and about today to perform some security checks.