When your products get targeted with custom made ransomware, you know you've got it made. We're talking about NAS (network-attached storage) built by Synology in Taiwan. the malware has started wreaking havoc over the weekend, looking at couple of posts on different online help forums,
"My Diskstation got hacked last night. When I open the main page on the webserver I get a message that SynoLocker has started encrypting my files and that I have to go to a specific address on Tor network to get the files unlocked," a user shared his experience on Synology's forum.
"It will cost 0.6 BitCoins. It encrypts file by files. Therefore I started to copy my most important files to another disk while encryption was in progress on other files. After the most important files was copied I turned off my disk."
The ransom message identifies the attack as the the result of a "SynoLocker" infection, explains how the files are encrypted (and threatens that "without the decryption key, all encrypted files will be lost forever"), and urges affected users to visit an .onion domain in order to get further instructions on how to get the key.
Synology is working on fixing the problem, but it's still unknown how the malware manages to compromise the devices. One guess is the exploitation of a vulnerability, as was the case with the recent instances of Synology DiskStations infected with Bitcoin miners. More at net-security.org: http://www.net-security.org/malware_news.php?id=2827