Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    US charges Samourai cryptomixer founders for laundering $100 million

Featured Deal: A one-year Sam's Club membership is only $14 now

Latest Buyer's Guide:    How to setup a VPN on your router: Detailed walkthrough

Generic User Avatar

Synology NAS attacked (DiskStation Security Ransomware)

Started by whoeva , Apr 11 2024 11:26 AM

  • This topic is locked This topic is locked
1 reply to this topic

#1 whoeva

whoeva

  • Avatar image
  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:07:45 AM

Posted 11 April 2024 - 11:26 AM

Hello everybody

 

When I wanted to access some data of my Synology today, I've noticed that on every shared folder there is only on txt file, !!Read Me!!.txt.

Windows is showing all the drives from Synolgy as empty.

 

The content of the txt file is the following:

________________________________________________________________________________

Hello.

This is DiskStation Security.

What happened?

- Your network was not secure.
- Your Network-Attached Storage was compromised.

What does this mean? Where are my files?

- All your data has been encrypted and hidden on a special volume.
- All your important documents have been downloaded.

What can I do to recover my data?

- If you want to recover your data, you have to send XXX Bitcoin to this wallet address:

bc1qlfj2prwfsayrvysdzphlfrngrevu4u0eh7zgzg

Always double check the address when copying/pasting it!!!!!

- You have until the 15th of April 2024 to send the payment.
After this date your files will be almost impossible to recover.

What should I do after I send the payment?

- Your ID is: XXX
- Please email us your ID and payment confirmation to:

nasonline@tutamail.com

- After we confirm your payment you will receive detailed instructions on how to decrypt all your data. It does not require any technical skills and it is done fast.

Can I still use my nas?

- Do not delete any files you find on your NAS.
- Do not try to recover your data using any software as it will result in permanent data loss.
- Do not modify any volumes or storage pools on your NAS.
- Do not write large amounts of data to your disk.

Why have my files been downloaded?

- We reserve the right to leak or sell all your important documents, if no payment is made.

Where can I buy and send bitcoin?

- You can easily buy and send bitcoin from:

https://www.moonpay.com/buy/btc
https://paxful.com/buy-bitcoin
https://localbitcoins.com/buy_bitcoins
https://www.binance.com/en/buy-Bitcoin

You can think of this as a failed security audit.

We are professionals. This is a one time deal.
We will restore your data immediately after the payment.
We will even send you tips on how to strengthen your network security, to prevent any future attacks.


Thank you.

________________________________________________________________________________

 

I've uploaded the file to nomoreransom.org but it gave no output information at all.

 

Any chance to get the data back?

 

Help is much appreciated!

 

Thanks and regards


BC AdBot (Login to Remove)

 

#2 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,920 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:45 AM

Posted 11 April 2024 - 11:31 AM

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by DiskStation Security, Quick Security or LegendaryDisk Security without paying the ransom (not advisable) and obtaining the private encryption keys from those who created the ransomware unless they are leaked or seized & released by authorities. The criminal's master private key is needed for decryption. Without the criminal's master private key, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (RSA, AES, Salsa20, ChaCha20, EDA2, ECDH, ECC) that cannot be brute-forced...the public key alone that encrypted files is useless for decryption.  
 
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, IT consultants, victims and company representatives who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.
 
Thanks
The BC Staff


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

Back to Ransomware Help & Tech Support


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·