We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

A Botnet is Attacking Synology NAS Devices: Here’s How to Secure Yours

A Synology NAS on a green background.

A StealthWorker botnet is carrying out brute-force attacks on Synology NAS devices, according to the company’s Incident Response Team. Infected devices could be exposed to a variety of malicious payloads, including ransomware. But because these brute-force attacks rely on weak security credentials, it’s up to Synology NAS users to defend their devices—here’s how to make sure your NAS unit is safe.

Just to be crystal clear, Synology has not been hacked. This StealthWorker botnet simply forces its way into accounts by guessing their passwords. Once your account is broken into, the botnet dumps a malicious payload on your NAS unit.

Infected units may join the botnet to attack other devices or suffer from malware. Because the botnet is targeting NAS units, which often contain valuable data, ransomware is a real threat here.

Thankfully, there are several steps you can take to secure your account. Here are four actions that Synology suggested during a similar attack in 2019, plus a few suggestions from our staff:

  • Use a complex and strong password, and Apply password strength rules to all users.
  • Create a new account in administrator group and disable the system default “admin” account.
  • Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
  • Run Security Advisor to make sure there is no weak password in the system.
  • Enable Firewall in the Control Panel.
  • Enable 2-step authentication to keep out bots even if they discover your password.
  • Enable Snapshot to keep your NAS immune to encryption-based ransomware.
  • Consider storing important files in more than one location, not just your NAS unit.

You should also check out Synology’s Knowledge Center, which provides several methods for securing your account.

Synology says that it’s working with CERT organizations to take down all control centers for the botnet. The company will notify potentially impacted users, though you should reach out to Synology tech support if you find that your NAS unit is acting strange.

Source: Synology via Bleeping Computer

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »