SynoLocker Ransomware

Posted: August 6, 2014

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	419

First Seen:	August 6, 2014
Last Seen:	September 22, 2021
OS(es) Affected:	Windows

The SynoLocker Ransomware is a file encryption Trojan that specializes in encrypting data on outdated versions of Synology-brand file storage devices. Like PoshCoder or the Critoni Ransomware, the SynoLocker Ransomware holds your files hostage, supposedly until you pay a BitCoin fee, after which the SynoLocker Ransomware claims that an automated decryption process will reverse the attack. As a more practical and cheaper solution to the SynoLocker Ransomware ransoms, malware researchers would encourage updating your server software and keeping additional file backups, which can replace the encrypted data once you've deleted the SynoLocker Ransomware.

SynoLocker Ransomware: The Study of New Ransom Techniques

Ransomware Trojans occasionally target business entities and even government agencies, but the SynoLocker Ransomware is an example of threats going above and beyond to attack highly-specialized targets: customers of Synology's NAS (Network Access Storage or Network-Attached Storage) products. These file storage devices may be used as communal data servers for anywhere from tens to hundreds of machines. The SynoLocker Ransomware's opportunistic development makes specific use of year-old security vulnerability in corresponding DSM software (versions 4.3-3810 and older). So far, later versions and 5.0 DSM both are unaffected, and patches are available to close the vulnerability.

Although the SynoLocker Ransomware uses a misleading ransom message that makes its attack sound like an unorthodox security procedure, victims who follow its instructions by installing Tor (an anonymity-providing web browser) and navigate to the specified address will find themselves subjected to a standard ransom fee. Those who bother to convert this fee from BitCoins will find that it corresponds to roughly three hundred and fifty USD.

The Inexpensive Way of Unlocking Your Files from a SynoLocker Ransomware

Unfortunately, investigation by both Synology and a range of companies specialized in PC security has yet to identify the means by which the SynoLocker Ransomware is distributed or installed. While the SynoLocker Ransomware requires pre-5.0 DSM targets to encrypt your files, Synology has launched potentially vulnerable NAS products in this year. All users of such products should consider double-checking the software versions in use and patching them if appropriate.

If you've failed to stop the SynoLocker Ransomware before the SynoLocker Ransomware has encrypted your data, malware experts personally advise against paying the BitCoin ransom demanded of you, which has no guarantee of restoring your files. Common means of reversing such attacks often use additional file backups that can overwrite encrypted files, and some PC security companies do provide free utilities to decrypt files.

Extra security steps worth taking include reconfiguring your router to disable forwarding, changing ports in use and using a strong password, all of which can stop network-infiltrating threats like the SynoLocker Ransomware from compromising other machines. However, none of these are foolproof, and by far the most important step for blocking the SynoLocker Ransomware is to avoid using outdated software that is vulnerable to its highly-specialized attacks, along with using passive anti-malware protection.

SynoLocker Ransomware

Threat Metric

SynoLocker Ransomware: The Study of New Ransom Techniques

The Inexpensive Way of Unlocking Your Files from a SynoLocker Ransomware

Leave a Reply