POST A COMMENT

19 Comments

Back to Article

  • thedeepfriedboot - Monday, August 04, 2014 - link

    No sign of it on my station running DSM5, but I did a remote shutdown until I can get home this evening, check for security issues, and lock down my firewall. Reply
  • JarredWalton - Monday, August 04, 2014 - link

    My dad got the Crytowall ransomware virus a couple months back, which wanted something like $2000 in BTC if you didn't pay within the first week after getting infected. I'm not sure if he ever paid, but he didn't have a backup solution in place so basically he's SOL. Nasty business! Reply
  • ebruddah - Monday, August 04, 2014 - link

    Does anyone know if you can run updates on the fly without service interruption? Reply
  • FordGuy - Monday, August 04, 2014 - link

    Updates will interrupt service (at least on my DS414...).

    The update from DSM4 to DSM5 required a reboot, as did applying the DSM5 updates.

    Updating individual packages (VPN, etc) did not require a server reboot. However, the individual process must be stopped an restarted.
    Reply
  • Beany2013 - Tuesday, August 05, 2014 - link

    Depends on your definition of 'interruption'. If it's a home server that's used for streaming music and video your laptop etc, then it's a couple of minutes to do a minor patch (IE 4.3.x to 4.3.y). For a major version, it's a bit longer, but it's not huge - I don't recall leaving my device overnight or owt, think it was less than an hour. A quick Youtube search suggests about ten to twenty minutes.

    If it's in use at work, is an email server etc, you'll want to schedule some downtime, but we're talking less than an hour. Remember, this is a custom stripped and rebuilt linux distro, not a full on desktop system, and certainly not a Windows Service Pack or inplace upgrade. And everything will be working again as soon as it reboots.

    HTH
    Steven R
    Reply
  • shank15217 - Monday, August 04, 2014 - link

    Lets put files on the cloud some more.. Reply
  • Impulses - Tuesday, August 05, 2014 - link

    Umm, this has little to do with the cloud? It's about malware infecting home NAS boxes and asking a ransom for your data, those boxes usually have net access for a variety of reasons other than cloud sync (remote access etc). In fact I'd dare say a cloud service is possibly less vulnerable to this sorta thing than a Synology NAS, or at least I hope that's the case. Either way, relying on any one solution is folly. Reply
  • KamikaZeeFu - Tuesday, August 05, 2014 - link

    If you needed a reason to store your data in more than 1 physical location then this is as good as it gets. Reply
  • Beany2013 - Tuesday, August 05, 2014 - link

    If you need a reason to run multiple backups (three disks, rotate the disk each day), obfuscated ports, running only essential services, this is also as good as it gets! Reply
  • Bob Todd - Tuesday, August 05, 2014 - link

    How aggressively does DSM update itself? Were any SKUs left at 4.3 and never updated to 5.0? Assuming the current 5.x code base doesn't suffer the same vulnerability, I'm just curious to know the possible footprint for the impact. It's software and software has bugs, but if the numbers are manageable they are better off being exceedingly generous to affected customers. "Sorry for the gadget rage your 2 bay Synology getting hacked has caused, while you are updating DSM and wiping your system to start over, we're shipping you a bonus 4 bay NAS on us. Tell your wife we are sorry about the wedding photos." Reply
  • icrf - Tuesday, August 05, 2014 - link

    Synology is kind of Nvidia-like when it comes to updates. They have one code base ported to support pretty much everything they've released. The DS411j I bought for my parents 3-4 years ago is updated to DSM 5.0, and receives updates every month or so. That's one of the main reasons I picked Synology over any of the other NAS options. It sounded like it would be supported much longer. It may have made a larger attack target with such homogeneous software, though.

    The update to 5.0 seems to be more aggressive about updates, too. It sends me an email every time one is available and a few times a week until I install it. I don't remember 4.3 doing that.
    Reply
  • Bob Todd - Tuesday, August 05, 2014 - link

    Thanks! I figured it was probably like most NAS software that harassed you via email about updates but didn't apply them automatically. Understandable for large updates like 4.x to 5.x that could potentially bork the system for a small number of users and drive contact rates for support. It would be nice if they at least had the ability to flag security critical updates and have the NAS self-update (i.e. from 4.3.0 -> 4.3.1 with a patch to the old release branch). Reply
  • Beany2013 - Tuesday, August 05, 2014 - link

    I read somewhere that automatically installed updates are coming in a future release - I can't find an explicit option in the current latest version to have it, say, automatically install the latest patch at 2pm on a Wednesday or anything - but it can currently automatically download updates in DSM 5 (can't remember if that's it's default state). Reply
  • brucek2 - Tuesday, August 05, 2014 - link

    If we have to have a super expensive and super invasive NSA world-wide spying apparatus, could they at least please take a few seconds out from their normal business to locate these jerks, recover all the encryption keys, then send out a couple drones? Thanks! Reply
  • sneaky999 - Tuesday, August 05, 2014 - link

    Haha loved that comment. However that would mean that said government institutions revealed their capabilities to the public by actually using them to help the public...Not going to happen any day soon I reckon Reply
  • CBauer00010010 - Tuesday, August 05, 2014 - link

    Dose anyone know if paying the ransome works? I have paper copies of all my files but the time it would take to rescan them would cost my company thousands. Reply
  • imaheadcase - Tuesday, August 05, 2014 - link

    Not always. People have reported paying, only to get it locked back again. Why wouldn't they if they know you are willing to pay in the first place?

    I personally would not care, i have everything backed up. I would simply disconnect from internet, format nas, and copy everything back. Only THEN would I pay, but not them, some hacker for revenge. I would pay more than they wanted, just to see them suffer. Oh not the simple suffering, i would make them suffer real pain in the real world.
    Reply
  • josephPHPagoda - Tuesday, August 05, 2014 - link

    Don't pay. These kind of things continue to happen because people create incentive to do so. There is no promise it will work, and you are funding this sort of behavior if you pay. My recommendation is to deal with the pain knowing that at least you aren't giving criminals funding to continue this sort of behavior. To mitigate this sort of risk, make sure you have proper backups in the future. I had a friend get hit with something similar to this, but since he had backups, it took a simple copy/paste and he was back up and running with nothing lost (just 5 minutes or so). Reply
  • Beany2013 - Tuesday, August 05, 2014 - link

    Reports from the Syno forums are that it does work (they even provide you with full instructions on how to do it over SSH) but three portable HDDs to back up to, with the disk changing every day, would be cheaper and more efficient overall - and if you notice on Thursday that all your data is encrytped, you can go back to Wednesdays backup and recover from that.

    It's cheaper than rescanning and better than paying the scumsucking little bastards who came up with this (as others have noted, correctly)
    Reply

Log in

Don't have an account? Sign up now