The first significant item of note that will comprise this blog post is Synolocker.
What is (or was) it? A ransomware attack for Synology NAS devices.
Why it's significant? Ransomware attacks are not new, but this was the first that we're aware of for ransomware to target a NAS device. Most ransomware attacks up to this point have targeted Windows based machines. But malware targeting storage appliances, particularly those not running Windows? That's new. To add to the oddity, the attackers closed up shop quickly. They then posted this message on the website, offering the remaining keys for bulk sale:
|Synolocker criminals closing up shop, originally found on The Guardian|
F-Secure also wrote a tool for unlocking the Synolocker encrypted files. This speaks to the number of users impacted by this issue.
Could it have been prevented? Yes - as it turns out, Synolocker exploited a known vulnerability that had been patched in last 2013. Synolocker first appeared in the middle of 2014. Should users have patched in the previous 6 months? Sure. But to be fair, some early adopters of the update reported that the update was causing their systems to brick.
Stay tuned for more installments in the Infosec year in review.