SynoLocker gang planning to move on?
Posted on 14.08.2014
The crooks behind SynoLocker have made some changes to the website sporting the payment instructions. They are trying to spur more victims to pay up by saying that the website will be take offline soon and, once that happens, they will not be able to get the private keys needed to decrypt their files:


They are offering to sell the encryption keys that have not yet been claimed for 200 Bitcoin (around $103,000). It seems that they might be thinking about ending this particular campaign.

It's still unclear how SynoLocker specifically infects Synology NAS devices, but the company has noted that only Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier) have been affected, and it's all because they sported a specific vulnerability that has been patched in later versions.

According to F-Secure's Artturi Lehtio, the malware does not come in the form of a single malicious binary, but is actually a collection of files that get uploaded to the target device via this infection vector.

"On the surface, SynoLocker and CryptoLocker share many similarities, not the least of which are a similar name, similar choice of encryption algorithms and the idea of extorting money from victims. Under the surface however, the similarities quickly end," noted Lehtio.

Despite initial claims, it seems that the two ransomware families are not connected.









Spotlight

How GitHub is redefining software development

Posted on 26 January 2015.  |  The security industry is slowly realizing what the developer community knew for years - collaboration is the key to and likely the future of innovation.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Jan 27th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //