“Lazy” Synolocker

A funny thing happened to me the other day. Someone brought me a 4-bay Synology NAS which had been hit by ransomware called Synolocker. The usual scenario – the NAS was exposed to the internet, maybe not updated as regularly as it should have been, and eventually targeted by ransomware. The bright side was that the owner kept an offline copy of the data that was stored on the NAS, so no big harm done. I was only asked to restore the NAS to the original settings to get rid of the nasty piece of software and make the NAS usable again.

The funny fact was that once I restored the operating system (thus removing the infected system) and was about to go and blank the encrypted volumes, I was surprised to find out that the data was still there, perfectly intact. This particular piece of ransomware was so “lazy” that it didn’t even bother to actually encrypt the data. It simply demanded ransom and waited for anyone who would panic enough to go and pay up.