Synology Hit by Underground Team Ransomware Attack

Overview of the Incident

Synology Inc., a renowned provider of network-attached storage solutions, has fallen victim to a ransomware attack orchestrated by a group known as the Underground Team. The cybercriminals managed to exfiltrate 51 GB of data from Synology's systems, which was subsequently published online, indicating a significant data breach.

Company Profile

Established in January 2000, Synology Inc., headquartered in Taiwan, is a prominent figure in the network-attached storage (NAS) sector. Renowned for its dependable, intuitive, and top-notch storage solutions such as DiskStation, FlashStation, and RackStation, Synology has cemented its position as a frontrunner in the industry. With a global footprint spanning the United States, China, France, and Germany, Synology operates with a workforce of approximately 650 employees worldwide under the leadership of CEO Philip Wong.

Details of the Ransomware Attack

The Underground Team ransomware is known for its 64-bit GUI-based application that employs various commands to disrupt systems, including deleting backups, modifying registry settings, and halting critical services like MSSQLSERVER. This particular attack on Synology involved the exfiltration of a substantial amount of data, which was fully published online, exposing sensitive information.

Potential Vulnerabilities and Attack Vectors

The Underground Team likely utilized sophisticated social engineering tactics to infiltrate Synology's systems. Common methods include phishing emails with malicious attachments or links to compromised websites, designed to appear legitimate to deceive employees into initiating the malware. Additionally, the ransomware could have been disguised as a legitimate software update or application, further tricking users into downloading and executing the malicious payload.

Sources

• Craft.co - Synology
• Wikipedia - Synology
• LinkedIn - Synology
• Synology Legal Disclosure
• Synology Company Page