It is confirmed that Synology NAS servers running older versions of DiskStation Manager (DSM) are being targeted by a ransomware known as "SynoLocker," which exploits two vulnerabilities that were fixed in November and December, 2013, respectively. At that time, Synology released security updates and notified users to update via various channels.
Affected users may encounter one of the following symptoms:
For users who have encountered the above symptoms, please shutdown the system immediately to avoid more files from being encrypted and contact our technical support to confirm whether the system is infected. Please note Synology is unable to decrypt files that have already been encrypted.
If you happen to possess a backup copy of your files (or there are no critical files stored on your DiskStation), Synology recommends following the below steps to reset your DiskStation and re-install DSM. However, resetting the DiskStation removes the information required for decryption, so encrypted files cannot be decrypted afterward.
For other users who have not encountered the above symptoms, Synology strongly recommends downloading and installing DSM 5.0, or any version below:
Users can also manually download the latest version from Synology's Download Center and install it at Control Panel > DSM Update > Manual DSM Update.
If you notice your DiskStation behaving suspiciously even after being upgraded to the latest DSM version, contact firstname.lastname@example.org.