Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




196 posts

Master Geek
+1 received by user: 9


Topic # 150814 4-Aug-2014 12:10
One person supports this post
Send private message

A heads up for anyone using a Synology NAS:

https://twitter.com/MikeEvangelist/status/495970097497128960

Looks like there's now a version of Cryptolocker specifically targetting Synology NASes - and you just have to have the web features enabled on your NAS to get potentially hit...

 

 


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
Amanzi
815 posts

Ultimate Geek
+1 received by user: 50

Trusted
Subscriber

  Reply # 1101667 4-Aug-2014 12:43
Send private message

Scary stuff. From what I gather, if you get infected with Cryptolocker you only have two options: 1. pay the ransom and hope it works; or 2. restore your files from backup. Hard to tell from that Twitter thread how the NAS got infected?

BDFL - Memuneh
59436 posts

Uber Geek
+1 received by user: 10652

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1101668 4-Aug-2014 12:43
4 people support this post
Send private message

I just got a Synology here to try... So let's see if I can get it infected.





 
 
 
 


1245 posts

Uber Geek
+1 received by user: 137


  Reply # 1101674 4-Aug-2014 12:48
Send private message

I own a couple of Synology NAS boxes ( back in the DSM 1.x and 2.x days) and found the software and documentation to be shoddy. Doesn't surprise me if these things are happening. I'm still using the NAS boxes as they are feature packed



196 posts

Master Geek
+1 received by user: 9


  Reply # 1101676 4-Aug-2014 12:59
Send private message

https://news.ycombinator.com/item?id=8128521 suggests there's some possible holes in the LAMP stack implementation... in https://twitter.com/MikeEvangelist/status/496025753721790464 he's said that he has AFP and SMB exposed to the net too.

BDFL - Memuneh
59436 posts

Uber Geek
+1 received by user: 10652

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1101678 4-Aug-2014 13:01
Send private message


196 posts

Master Geek
+1 received by user: 9




196 posts

Master Geek
+1 received by user: 9


  Reply # 1101681 4-Aug-2014 13:02
Send private message

freitasm: Well, there you go. SMB and AFP exposed. *sigh*




Not exactly the brightest of moves, that...

Amanzi
815 posts

Ultimate Geek
+1 received by user: 50

Trusted
Subscriber

  Reply # 1101685 4-Aug-2014 13:06
Send private message

fastmikey:
freitasm: Well, there you go. SMB and AFP exposed. *sigh*




Not exactly the brightest of moves, that...


I don't understand how someone could have accidentally done this? And surely he wouldn't have configured his router/firewall/modem to explicitly allow connections from the internet to get to his NAS on those ports? Doesn't make sense to me.



196 posts

Master Geek
+1 received by user: 9


  Reply # 1101699 4-Aug-2014 13:35
Send private message

amanzi:
fastmikey:
freitasm: Well, there you go. SMB and AFP exposed. *sigh*




Not exactly the brightest of moves, that...


I don't understand how someone could have accidentally done this? And surely he wouldn't have configured his router/firewall/modem to explicitly allow connections from the internet to get to his NAS on those ports? Doesn't make sense to me.


Why you would configure like that I can't explain, short of sheer laziness. However, looking at some of the commentary, it looks more likely that the vulnerability is in the web interface - and apparently it's not uncommon to have that forwarded (port 5000/5001).

 

DSM 4.3-3827 Update 4

 

(2014/6/25)

 

Change Log

 

     

  1. Updated OpenSSL to version 1.0.1h to address several severe security issues. (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470)
  2. Fixed a security issue that allows attackers to avoid checking mechanism and execute unintended commands via Web script.

 


may well point to what's being exploited on unpatched systems.

As I don't have any affected systems (yet, God willing!) however I can't speak with any certainty...

gjm

736 posts

Ultimate Geek
+1 received by user: 90


  Reply # 1101703 4-Aug-2014 13:51
2 people support this post
Send private message

Only synology service I expose to the internet is VPN. I just dont know why you would open everything else up like that




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]

225 posts

Master Geek
+1 received by user: 15


  Reply # 1101710 4-Aug-2014 14:02
Send private message

SMB is almost useless over the internet anyway as it would be very slow (I've tried it - SMB tends to be very chatty).

The only way to get to my NAS's web is by going through my router's SSH server first.

1498 posts

Uber Geek
+1 received by user: 507

Subscriber

  Reply # 1101745 4-Aug-2014 15:01
Send private message

gjm: Only synology service I expose to the internet is VPN. I just dont know why you would open everything else up like that


Out of curiosity what are you using the VPN connection for?

To connect to your NAS from the web or to connect your NAS to an external VPN?

I was curious as to whether I could use my 412+ VPN to connect to Netflix and then connect a Roku to NAS client and get Netflix..

? A.



3795 posts

Uber Geek
+1 received by user: 1891

Lifetime subscriber

  Reply # 1101814 4-Aug-2014 15:52
Send private message

Having read this thread I have updated the DSM (operating system) firmware on my Synology DS1813+.
At the end of the install I was offered "QuickConnect" software which I declined, as well as all the other optional extras.
"QuickConnect lets you access your Synology DS1813+ anywhere"
I presume it is the "QuickConnect" software that is vulnerable to Synolocker.




Sideface


Meow
6942 posts

Uber Geek
+1 received by user: 3249

Moderator
Trusted
Lifetime subscriber

  Reply # 1101816 4-Aug-2014 15:52
Send private message

I have a few of these scattered around to backup my mine and my flatmates servers,

One of our sites got pwned - really not good:





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


Amanzi
815 posts

Ultimate Geek
+1 received by user: 50

Trusted
Subscriber

  Reply # 1101820 4-Aug-2014 15:56
Send private message

michaelmurfy: One of our sites got pwned - really not good:


I'm curious to know what your plan is to fix it? I'm interested to see if there's an alternative to paying the ransom or relying on backups.

 1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41


Hawaiki cable system will be ready for service in June 2018
Posted 22-Jan-2018 12:32


New Zealand hits peak broadband data
Posted 18-Jan-2018 12:21


Amazon Echo devices coming to New Zealand early February 2018
Posted 18-Jan-2018 10:53


$3.74 million for new electric vehicles in New Zealand
Posted 17-Jan-2018 11:27


Nova 2i: Value, not excitement from Huawei
Posted 17-Jan-2018 09:02


Less news in Facebook News Feed revamp
Posted 15-Jan-2018 13:15


Australian Government contract awarded to Datacom Connect
Posted 11-Jan-2018 08:37


Why New Zealand needs a chief technology officer
Posted 6-Jan-2018 13:59


Amazon release Silk Browser and Firefox for Fire TV
Posted 21-Dec-2017 13:42


New Chief Technology Officer role created
Posted 19-Dec-2017 22:18


All I want for Christmas is a new EV
Posted 19-Dec-2017 19:54


How clever is this: AI will create 2.3 million jobs by 2020
Posted 19-Dec-2017 19:52



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.