Cybersecurity Breach: Synology Inc. Experiences Ransomware Attack by Underground Team
Incident Date: May 4, 2024
Overview
Victim: Synology
Attacker: Underground Team
First Reported: May 4, 2024
Synology Hit by Underground Team Ransomware Attack
Overview of the Incident
Synology Inc., a renowned provider of network-attached storage solutions, has fallen victim to a ransomware attack orchestrated by a group known as the Underground Team. The cybercriminals managed to exfiltrate 51 GB of data from Synology's systems, which was subsequently published online, indicating a significant data breach.
Company Profile
Established in January 2000, Synology Inc., headquartered in Taiwan, is a prominent figure in the network-attached storage (NAS) sector. Renowned for its dependable, intuitive, and top-notch storage solutions such as DiskStation, FlashStation, and RackStation, Synology has cemented its position as a frontrunner in the industry. With a global footprint spanning the United States, China, France, and Germany, Synology operates with a workforce of approximately 650 employees worldwide under the leadership of CEO Philip Wong.
Details of the Ransomware Attack
The Underground Team ransomware is known for its 64-bit GUI-based application that employs various commands to disrupt systems, including deleting backups, modifying registry settings, and halting critical services like MSSQLSERVER. This particular attack on Synology involved the exfiltration of a substantial amount of data, which was fully published online, exposing sensitive information.
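A defender can hunt for the three behaviours described above (backup deletion, registry modification, stopping MSSQLSERVER) by correlating process-creation events per host. The sketch below is an added example, not taken from the original report or from any vendor; the command-line patterns, log format, host names and 5-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# One pattern per behaviour class named in the text. The command lines are
# assumptions (common Windows tooling), not indicators taken from the page.
BEHAVIOURS = {
    "backup_deletion": re.compile(
        r'\b(vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+\w+)', re.I),
    "registry_change": re.compile(r'\breg(\.exe)?\s+(add|delete)\b', re.I),
    "service_stop": re.compile(r'\b(net1?|sc)(\.exe)?\s+stop\s+"?MSSQLSERVER\b', re.I),
}

# Constructed process-creation events: timestamp|host|command line
SAMPLE = [
    "2024-01-01T09:00:00|DB01|reg.exe add HKCU\\Software\\Example /v Flag /d 1 /f",
    "2024-01-01T10:00:05|FS02|vssadmin.exe delete shadows /all /quiet",
    "2024-01-01T10:00:09|FS02|reg.exe add HKLM\\SOFTWARE\\Example /v Setting /d 1 /f",
    "2024-01-01T10:00:14|FS02|net.exe stop MSSQLSERVER /y",
    "2024-01-01T10:01:00|FS02|ping.exe 127.0.0.1",
    "2024-01-01T11:30:00|DB01|sc.exe stop MSSQLSERVER",  # isolated maintenance
]

def classify(cmdline):
    """Return the behaviour classes a command line matches."""
    return [name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)]

def correlate(lines, window=timedelta(minutes=5), min_classes=2):
    """Alert when one host shows >= min_classes distinct behaviours in a window."""
    hits = {}
    for line in lines:
        ts, host, cmd = line.split("|", 2)
        for name in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    alerts = []
    for host, seq in sorted(hits.items()):
        seq.sort()
        i = 0
        while i < len(seq):
            j = i
            while j < len(seq) and seq[j][0] - seq[i][0] <= window:
                j += 1
            classes = sorted({name for _, name in seq[i:j]})
            if len(classes) >= min_classes:
                alerts.append((host, seq[i][0].isoformat(), classes))
                i = j  # skip past the window already reported
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

Requiring at least two behaviour classes inside the window keeps routine single actions, such as a lone service restart, from alerting.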
Potential Vulnerabilities and Attack Vectors
The Underground Team likely used sophisticated social engineering tactics to infiltrate Synology's systems. Common methods include phishing emails carrying malicious attachments or links to compromised websites, crafted to look legitimate so that employees are deceived into running the malware. The ransomware could also have been disguised as a legitimate software update or application, further tricking users into downloading and executing the malicious payload.