Tag: Tech

Posted on

Synology Issues Official Statement to Address SynoLocker Ransomware

Synology on SynoLocker

Synology has been sending users email regarding the SynoLocker ransomware, mirroring the statement posted at Synology website from August 5, 2014.

Dear Synology users,

We would like to inform you that a ransomware called “SynoLocker” is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users’ files, and demands a fee to regain access to the encrypted files.

We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.

Affected users may encounter the following symptoms:

  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).
  • DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.

If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: https://myds.synology.com/support/support_form.php

If you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:

  • DSM 4.3-3827 or later
  • DSM 4.2-3243 or later
  • DSM 4.0-2259 or later
  • DSM 3.x or earlier is not affected

You can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.

If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at security@synology.com.

We sincerely apologize for any problems or inconvenience this issue has caused our users. We’ll keep you updated with the latest information as we continue to address this issue.

Thank you for your continued patience and support.

Sincerely,
Synology Development Team

As a rule of thumb, Synology users should put their DiskStations behind firewalls and disable port forwarding for now. Make sure the DiskStations are running the latest version of DSM possible. More importantly, backup the content of the DiskStation.

Posted on

iTunes 11.3.1

iTunes 11.3.1

Apple released iTunes 11.3.1

iTunes 11.3.1 addresses a problem where subscribed podcasts may stop updating with new episodes and resolves an issue where iTunes may become unresponsive while browsing your podcasts episodes in a list.

Posted on

WordPress 3.9.2

WordPress 3.9.2 is released to address some security issues.

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It  was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

It is highly imperative to update to WordPress 3.9.2.

WordPress 3.9.2

In July 2014, WordPress plugin MailPoet were found to be vulnerable and affected sites running Joomla and Magento.

Posted on

Random Pick: NewerTech AdaptaDrive

For the past two days I had been installing SSD on numbers of desktop computer. One thing that would have come handy is a 2.5-inch to 3.5-inch adapter bracket. In the past, I bought several NewerTech AdaptaDrive to accommodate the need for such adapter. Once again I found myself needing such adapter. I have just ordered a few units to finish up the upgrade, properly.

NewerTech-AdaptaDrive

NewerTech AdaptaDrive costs about $15 and can be easily purchased from Other World Computing.

Posted on

iOS 8.0 beta 5

Apple seeds iOS 8.0 beta 5 build 12A4345d to Developers.

iOS 8.0 beta 5

iOS 8.0 beta 5 now shows indicators when Wi-Fi calling is enabled. This feature is currently available on T-Mobile USA network.

Posted on

Synology Vulnerability and Ransomware

In the early Sunday morning of August 3, 2014, a tweet by Mike Evangelist was linked on Hacker News.

Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY

Mike Evangelist Tweet Synology Synolocker

I was somewhat scared by this news as some users at Synology forums reported that they were also victims of  SynoLocker which is a CryptoLocker malware which specifically targets Synology NAS. I am managing numbers of Synology NAS for a few small offices and homes. Granted that none of them are directly connected to the Internet, but I have to make sure none of them would be hacked and crypto-locked.

Make sure your Synology NAS is running the latest DSM Operating System.

Synology Software Update

For now, disable the QuickConnect service.

Synology Disable QuickConnect

Disable all port-forwarding if your Synology DiskStation is behind a NAT Firewall. This is a definite inconvenience; better to be safe than sorry.

More importantly, back-up the content of your Synology NAS. Should anything happen, you still have your data. My colleague has a great advice on backing up:

As always, if you have data on your Synology that you consider irreplaceable, make sure that you have it backed up to. I’d recommend using the built in Amazon S3 client. It’s cheap and fairly easy to set up, and should help you in case of a disaster.

I personally also run a backup to another hard drive locally for rapid recovery.