Synology NAS Attack
Posted by: Mike-B on 05 August 2014
I picked up on this posted on www yesterday
http://www.anandtech.com/show/...ynolocker-ransomware
I understand at this time only a portion of Synology servers are affected.
Synology has confirmed that SynoLocker attacks servers running out of date versions of DSM 4.3.
So far, it looks like the matter is localized to non-updated versions of DSM 4.3, but Synology are working on it to see if it also affects DSM 5.0.
The latest version is 5.0-4493 Update 3
In the interim, they are asking people to take the following precautions:
Close all open ports for external access as soon as possible, and/or unplug your Disk/RackStation from your router
Update DSM to the latest version
Backup as soon as possible
Synology will provide further information as soon as it is available.
If your NAS has been infected:
(A) Do not trust (ignore) any email from unauthorized/non-genuine Synology email.
Synology email always has the “synology.com” address suffix.
(B) Do a hard shutdown of your Disk/RackStation to prevent any further issues.
This means a long-press of your unit’s power button, until a long beep has been heard. The unit will shut itself down safely from that point.
(C) Contact Synology Support as soon as possible at, http://www.synology.com/en-global/su...knowledge_base
If anyone has new info on this, it would be good to hear from you.
Hi Mike
Thanks for the heads up on this. I run DSM 3.2 and don't really want to update it. It is only used as a music server so needs no internet access. Any idea how, if possible, I can remove access from the net but leave it on my network? The firewall is set to only allow a few devices on my LAN to access it.
Graeme
Hi Graeme, I have to ask, why not update? It's just the right thing to do no matter what, better operation if nothing else.
As I understand it - & I am no expert in any way shape or form
Your router firewall should normally block access, but this is a ransomware raid that works because it has the ability to get thru firewalls, it seems to have done so with DSM 4.3, so I would be concerned & get the latest rev installed as Synology really do need to have all users on a small list of latest revs so they can focus on only these revs & to set up the required safeguards & security.
Disconnecting from www is one way, but IMO that defeats all the benefits that the Synology www brings, it turns the NAS into not much more than a dumb recorder.
I run a lowly spec'd DS212j. I did some experiments updating to DSM5, but found running transcoding on Minimserver took it to the limits of performance and was concerned that I may end up getting intermittent playback.
Also DSM3.2 is the last version that transcoding worked correctly on media server. The NAS serves no more purpose than a glorified storage device, as I don't use it for anything else other than running Minimserver.
I'm in the process of looking for a new 4 bay model, DS414 in mind, but have to say I may think twice now. Bloody hackers.
Graeme
If you are buying a new NAS then I'd look for something better than Synology.
I do not like mine at all. The support is dire too.
Mine is unlikely to be hacked as I use it for backup and then power it off.
I'm thinking of putting the disks in something else.
Wat
What would be your suggestion?
I know that they are not fashionable here, but I have never had an issue with Netgear NASs. They just seem to work without any glitz or panache.
Simon
It's my understanding that no NAS brand is safe Simon, it seems this malware ransom attack by a hacker called Synolocker has targeted Synology.
Latest seems to indicate it's potentially a problem for those who use port forwarding to access their NAS from outside the home network - so probably not such a huge issue for music NAS users.
Info on the www sez ..........
If you have exposed your Synology NAS ports 5000 or 5001
- close those ports - NOW.
These are the default HTTP and HTTPS web server ports for Synology and allow access to the administration page
Also be aware that if you use the Synology "EZ-Internet" router utility it will open these ports, so under no circumstances use this tool until Synology has worked out some better defaults.
Mike, thanks for that. I must admit I am very wary of using port forwarding from the internet onto my LAN. For me I block all incoming sessions and would only allow it if it was via an IPSec tunnel or a pre shared key SSL session into a strict DMZ distinct from the rest of my LAN.
Simon
Mike, thanks from me as well. I must admit I have been a bit negligent with my Synology DSM updates.
It appears that my NAS has not been unlucky enough to have been compromised, and I now have an up-to-date version of the DSM.
I suspect that this will not be an issue only with Synology - best to keep up-to-date with software on whichever NAS or storage device you use!
Thanks again,
hmack
Update :
Based on the latest observations Synology are still urging to update older versions of DSM 4.3-3810 or earlier. This closes a security vulnerability that was fixed in December 2013.
At present they have not seen vulnerability in DSM 5.0 .....
Official Synology statement, that I received per mail this morning:
Important security message regarding SynoLocker
Dear Synology users,
We would like to inform you that a ransomware called "SynoLocker" is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users’ files, and demands a fee to regain access to the encrypted files.
We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.
Affected users may encounter the following symptoms:
When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).
DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.
If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: https://myds.synology.com/support/support_form.php
If you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:
DSM 4.3-3827 or later
DSM 4.2-3243 or later
DSM 4.0-2259 or later
DSM 3.x or earlier is not affected
You can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.
If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at security@synology.com.
We sincerely apologize for any problems or inconvenience this issue has caused our users. We’ll keep you updated with the latest information as we continue to address this issue.
Thank you for your continued patience and support.
Sincerely,
Synology Development Team
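As an added example (not part of the original thread or of Synology's statement): a small Python check that classifies DSM version strings against the build numbers quoted in the statement above. The host names and inventory are constructed; builds the statement does not mention are reported as "unlisted" rather than guessed.

```python
import re

# Build numbers transcribed from the Synology statement quoted in this thread.
AFFECTED_MAX = {(4, 3): 3810, (4, 2): 3236, (4, 1): 2851, (4, 0): 2257}  # "or earlier"
FIXED_MIN = {(4, 3): 3827, (4, 2): 3243, (4, 0): 2259}                   # "or later"

# Accepts "DSM 4.3-3810", "4.2-3243", "DSM 5.0-4493 Update 3", "DSM 3.2".
VERSION_RE = re.compile(r"^\s*(?:DSM\s*)?(\d+)\.(\d+)(?:-(\d+))?", re.I)

# Most urgent first.
ORDER = ["affected", "unknown-build", "unlisted", "patched", "recommended", "not-affected"]

def classify_dsm(version):
    """Return a status for one DSM version string, per the statement only."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised DSM version: %r" % version)
    major, minor = int(m.group(1)), int(m.group(2))
    build = int(m.group(3)) if m.group(3) else None
    if major <= 3:
        return "not-affected"        # "DSM 3.x or earlier is not affected"
    if (major, minor) == (5, 0):
        return "recommended"         # statement recommends installing DSM 5.0
    branch = (major, minor)
    if branch not in AFFECTED_MAX:
        return "unlisted"            # branch not mentioned in the statement
    if build is None:
        return "unknown-build"       # 4.x without a build number cannot be judged
    if build <= AFFECTED_MAX[branch]:
        return "affected"
    if branch in FIXED_MIN and build >= FIXED_MIN[branch]:
        return "patched"
    return "unlisted"                # e.g. 4.1 builds after 2851: no fixed build given

def triage(inventory):
    """Classify {host: version} and sort so the most urgent hosts come first."""
    rows = [(host, ver, classify_dsm(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: ORDER.index(r[2]))

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "music-nas": "DSM 3.2",
    "office-nas": "DSM 4.3-3827",
    "backup-nas": "DSM 4.3-3810",
    "lab-nas": "DSM 4.1-2900",
    "new-nas": "DSM 5.0-4493 Update 3",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print("%-11s %-22s %s" % (host, ver, status))
```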
Hi,
As soon as I heard about the issue (thanks again to Mike), I upgraded my version of the DSM to 4.3-3827 which appears to be on the 'OK' list from Synology.
I didn't upgrade to DSM 5, because I was a little unsure about whether or not this meant a substantial change to the look and feel of the product. Has anyone upgraded from an earlier version (4.0, 4.1, 4.2 or 4.3) to DSM 5? If so, can you describe any changes?
Thanks.
I have the latest DSM 5.0-4493 Update 3
I always look for updates no matter what, any & all PC OS & security progs & I check the NAS every time I open DSM, that said I do not need to go there to do stuff, but just look from time to time to see if updates or reports need attention.
It looks different & is claimed to be smarter & simpler - which it is, but maybe more bling & fluff than required for use with a hifi NAS system. But whatever, as per above I recommend you get it as if nothing else, it will do no harm & it may help with issues you didn't even know you had.
The new features & improvements listed:
Better Cloud
More efficient backup with Synology Snapshot Manager
Improved performance: SSD read-write cache is supported to reduce I/O latency.
More multimedia & mobile: view albums & share videos & photos
General IT management is easier:
Thanks.
Yes, I did upgrade, and quite like it. The new look goes towards the actual "flat" trend. The first few logins I had to look for my usual features. But it's soon normal.
Here is the "Discover the new DSM 5.0" page with what's new, features, screenshots:
http://www.synology.com/en-global/dsm/index
And here you have a "Live Demo" where you can log-in to a NAS with DSM 5 to try yourself:
Mike & Adrian,
Thanks for this information. I think I'll go ahead with the upgrade, although I'm not too enamoured with the 'flat' trend that seems to be the fashion everywhere these days.
Thanks again.
Just had a look at the demo of DSM 5 and I think I've changed my mind.
Why on earth would anyone think that the look and feel of the new DSM is better than the old? Synology has replaced an interface that to me was more or less perfect with something that to me looks pretty ghastly.
Apple has a lot to answer for. I felt exactly the same when I moved from an early iPad to an iPad Air. I still think the original 'non flat' look and feel was so much better.
The latest version of DSM 4.3 for me until I really need to move.
You do realise that DSM 5.0 is not just about the look of the interface? (which isn't really much different anyway)
I do indeed! I work in IT, am very well aware of the potential pitfalls. I religiously keep my virus protection and my operating system patches up-to-date.
- and I probably will upgrade even although Synology claim that the version of 4.3 I am currently on is not susceptible to the recently announced security flaws.
A bit of petulance on my part about a needless change to the look (mostly) & feel of the product. There isn't much newer functionality in version 5 to counter my feelings about the new look. However, since the interface is not exactly something I use every day, I guess I'll bite the bullet and upgrade.
But really - does anyone really prefer the new look, and does anyone really prefer the look of the new Apple OS?
On a slightly different tack, I see on the Synology forums that more than a few people have reported severe stuttering/buffering issues when streaming video after their upgrade to DSM 5. Although my NAS is mostly used for music, I do occasionally stream HD home movies from my NAS to my Smart TV.
Has anyone experienced this with DSM 5?
Absolutely none whatsoever. I have quite a few 24/192 material and again no dropouts, it has been flawless.
I would have no hesitation in recommending this upgrade.
Adrian F.
Many thanks for the info, think I'll stick with DSM 3.2, does everything I need. Phew, just goes to show a NAS is not a safe means of backup.
Graeme
On a slightly different tack, I see on the Synology forums that more than a few people have reported severe stuttering/buffering issues when streaming video after their upgrade to DSM 5. Although my NAS is mostly used for music, I do occasionally stream HD home movies from my NAS to my Smart TV.
Has anyone experienced this with DSM 5?
Absolutely none whatsoever. I have quite a few 24/192 material and again no dropouts, it has been flawless.
I would have no hesitation in recommending this upgrade.
Music only as I cannot comment on video streaming as I don't do any.
I will say in general I have been very impressed with my Synology DS213+
I wish I had much less to worry about, so that the look and feel of my NAS dashboard was so important to me.
Upgrade it to get the best security profile they have to offer, and assume that your brain will adapt to the "flat" look of the interface graphics in about 2 days tops.
I guess those that eat the exact same thing for lunch every day, for holiday go to the exact same cabin in the woods, and have been driving the same car for 12 years, don't adapt well to change.
(Yes, for the record, my Synology DSM is fully up to date. I guess I'm at the far end of the IQ curve as I managed to learn the new interface. Somehow.)
On a slightly different tack, I see on the Synology forums that more than a few people have reported severe stuttering/buffering issues when streaming video after their upgrade to DSM 5. Although my NAS is mostly used for music, I do occasionally stream HD home movies from my NAS to my Smart TV.
Has anyone experienced this with DSM 5?
Hmack
I did test DSM5 on my 212j but found when minimserver was transcoding 24/192 files resources were maxed out so reverted back to DSM3.2. Although I didn't get any drop outs I thought it a possibility with no overhead available.
Graeme
Bart,
You are correct! My life is so well-sorted that I have absolutely nothing to worry about other than the look and feel of my NAS dashboard.
.. and I do try to eat something other than chips on a Thursday - roast potatoes today! - not as nice as chips though!
Took me years to move from vinyl to CD and even longer to move from CD to network music streaming. Must be a genetic flaw in there somewhere.
I'm obviously not blessed enough to be at the high end of the IQ curve, but then I'm not really intelligent enough to overly worry about it.
Seriously though, I do like the Synology DSM (pity about the new look!). As a matter of interest, do you stream video from your NAS, and if so, have you encountered any video buffering issues following your upgrade to DSM 5.0?
Originally posted by Graeme
"Hmack
I did test DSM5 on my 212j but found when minimserver was transcoding 24/192 files resources were maxed out so reverted back to DSM3.2. Although I didn't get any drop outs I thought it a possibility with no overhead available.
Graeme"
Thanks for this Graeme. I don't personally transcode any of my music on the fly, so I don't think that this would be an issue for me. However, I am a little worried about reported problems with video streaming using DSM 5.0.
On a slightly lighter note, don't you think Bart's aesthetic tastes are a little flawed - a very intelligent chappie apparently, but he actually appears to like the look of the new DSM?
