Synology is telling owners of its network attached storage (NAS) devices to ensure they’re protected with a strong password. There have been increasing incidents of hackers brute-forcing their way into them with dictionary attacks and encrypting the drives with ransomware.
Users on the official Synology forum say the crooks want 0.06 BTC (around $570) for their data to be decrypted. The good news is that these attacks can be easily prevented with not only a complex password, but the “auto lock” feature in DiskStation Manager, which locks down an account with too many failed login attempts.
“We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP,” said Ken Lee, manager of Synology’s security incident response team.