



查看: 484|回复: 1


发表于 2019-7-31 15:53:36 | 显示全部楼层 |阅读模式
**EI, Taiwan—July 23, 2019—Synology® recently found that several users were under a ransomware attack, where admins' credentials were stolen by brute-force login attacks, and their data was encrypted as a result. We investigated and found that the causes of these attacks were due to dictionary attacks instead of specific system vulnerabilities. This large-scale attack was targeted at various NAS models from different vendors; therefore we strongly recommend users check network and account settings to protect data from ransomware.

"We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP," said Ken Lee, Manager of Security Incident Response Team at Synology Inc. "After collecting admin account passwords with brute-force attacks, the attack was launched on July 19 and caught users off guard. We therefore informed TWCERT/CC and CERT/CC immediately of this matter in hopes of accelerating the collaborative efforts to resolve this incident."

Since this attack is not related to system security vulnerabilities, it is recommended that Synology users utilize built-in network and account management settings to enhance system security level, preventing malicious attacks from the Internet.

"We urge all Synology users to take immediate action to protect their NAS from the ransomware attack," said Hewitt Lee, Director of Product Management at Synology Inc. "Users' data security is always our priority. For those who are not using Synology NAS, we still recommend you take corresponding actions to protect your precious data."

Please make sure you go through the checklist below:

Use a complex and strong password, and Apply password strength rules to all users.
Create a new account in administrator group and disable the system default "admin" account.
Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
Run Security Advisor to make sure there is no weak password in the system.
To ensure the security of your Synology NAS, we strongly recommend you enable Firewall in Control Panel and only allow public ports for services when necessary, and enable 2-step verification to prevent unauthorized login attempts. You may also want to enable Snapshot to keep your NAS immune to encryption-based ransomware. To learn more about ransomware attacks, please visit https://www.synology.com/solution/ransomware
台湾台北- 2019年7月23日-群晖®最近发现,一些用户承受着勒索攻击,其中管理员的凭据被强力登录攻击被偷了,他们的数据是加密的结果。我们调查并发现这些攻击的原因是字典攻击而不是特定的系统漏洞。这次大规模攻击针对来自不同供应商的各种NAS型号; 因此,我们强烈建议用户检查网络和帐户设置,以保护数据免受勒索软件的侵害。

“我们认为这是一次有组织的攻击。经过对此事的深入调查,我们发现攻击者使用僵尸网络地址来隐藏真正的源IP,”Synology Inc.安全事件响应小组经理Ken Lee说。管理员帐户密码遭到暴力攻击,该攻击于7月19日启动,让用户措手不及。因此,我们立即通知了TWCERT / CC和CERT / CC,希望加快解决此事件的合作努力。


Synology Inc.产品管理总监Hewitt Lee说:“我们敦促所有Synology用户立即采取行动,保护他们的NAS免遭勒索软件攻击。”用户的数据安全始终是我们的首要任务。对于那些不使用Synology NAS的用户,我们仍然建议您采取相应的措施来保护您的宝贵数据。“


运行Security Advisor 以确保系统中没有弱密码。
为确保Synology NAS的安全,我们强烈建议您在控制面板中启用防火墙,并在必要时仅允许公共端口提供服务,并启用两步验证以防止未经授权的登录尝试。您可能还希望启用快照以使您的NAS免受基于加密的勒索软件的影响。要了解有关勒索软件攻击的更多信息,请访问https://www.synology.com/solution/ransomware
发表于 2019-7-31 15:55:23 | 显示全部楼层
Synology 建议用户立即检查系统设置,防范恶意攻击
群晖科技近日收到数则用户文件遭黑客以勒索软件加密的报告,经调查,此次攻击是针对市场上不同品牌与型号的 NAS,以暴力破解密码,而非通过特定系统安全性漏洞。因此,群晖科技建议用户立即采用以下措施检查网络和帐号安全设置,强化系统安全性:

    启用 2 步骤验证,强化帐号安全

除了以上提及的网络和帐号管理设置外,我们也建议您使用套件中心的 Snapshot Replication 或 Hyper Backup 套件来保护数据安全,如果不幸文件遭受加密仍可以通过快照或备份进行恢复。了解更多防范勒索软件的方法,请参考 https://www.synology.cn/solution/ransomware.

您需要登录后才可以回帖 登录 | 注册



GMT+8, 2024-4-28 05:57 , Processed in 0.064185 second(s), 9 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表