Network Attached Storage (NAS) company Synology has issued an urgent warning for owners to check their box’s security settings after it emerged cybercriminals are targeting numerous NAS vendors with a new wave of ransomware.
At first it was thought that recent attacks could be exploiting an unknown software vulnerability in Synology’s products, but according to the company it has since been established that the attackers’ method is a much simpler but still effective brute-forcing of admin credentials.
We believe this is an organised attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP.Synology’s Manager of Security Incident Response Team, Ken Lee
Spotted on 19 July 2019, the campaign involves trying lots of commonly used passwords on internet-connected NAS boxes. The attackers hope that eventually they’ll hit on a password that allows them the access necessary to encrypt the data on it.