
A Botnet is Attacking Synology NAS Devices: Here’s How to Secure Yours


A StealthWorker botnet is carrying out brute-force attacks on Synology NAS devices, according to the company’s Incident Response Team. Infected devices could be exposed to a variety of malicious payloads, including ransomware. But because these brute-force attacks rely on weak security credentials, it’s up to Synology NAS users to defend their devices—here’s how to make sure your NAS unit is safe.

Just to be crystal clear, Synology has not been hacked. This StealthWorker botnet simply forces its way into accounts by guessing their passwords. Once your account is broken into, the botnet dumps a malicious payload on your NAS unit.

Infected units may join the botnet to attack other devices or suffer from malware. Because the botnet is targeting NAS units, which often contain valuable data, ransomware is a real threat here.

Thankfully, there are several steps you can take to secure your account. Here are four actions that Synology suggested during a similar attack in 2019, plus a few suggestions from our staff:

  • Use a complex and strong password, and apply password strength rules to all users.
  • Create a new account in the administrator group and disable the system default “admin” account.
  • Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
  • Run Security Advisor to make sure there is no weak password in the system.
  • Enable Firewall in the Control Panel.
  • Enable 2-step authentication to keep out bots even if they discover your password.
  • Enable Snapshot to keep your NAS immune to encryption-based ransomware.
  • Consider storing important files in more than one location, not just your NAS unit.
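
To make the Auto Block and default “admin” items concrete, here is an added example (not Synology's code and not part of the original article) that applies the same rule to login records: block an IP after too many failed attempts inside a time window, and count failures aimed at the default “admin” account. The log format, the addresses and the thresholds (5 failures in 5 minutes) are constructed assumptions, not Synology defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical format, not a real Synology log):
# timestamp, source IP, account name, result
SAMPLE_LOG = """\
2021-08-10T03:00:01 203.0.113.7 admin FAIL
2021-08-10T03:00:05 203.0.113.7 admin FAIL
2021-08-10T03:00:09 203.0.113.7 root FAIL
2021-08-10T03:00:14 203.0.113.7 admin FAIL
2021-08-10T03:00:20 203.0.113.7 backup FAIL
2021-08-10T03:01:00 198.51.100.4 alice FAIL
2021-08-10T03:01:30 198.51.100.4 alice OK
2021-08-10T03:20:00 192.0.2.9 admin FAIL
2021-08-10T03:40:00 192.0.2.9 admin FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, result) for each log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def auto_block(log, max_attempts=5, window_minutes=5):
    """Return (blocked, admin_hits): IPs that reach max_attempts failures
    inside the sliding window, and failed logins per IP against 'admin'."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    blocked = {}                   # ip -> time the block would trigger
    admin_hits = defaultdict(int)  # ip -> failures against "admin"
    for ts, ip, user, result in parse(log):
        if result != "FAIL" or ip in blocked:
            continue               # a blocked IP never reaches the login form
        if user == "admin":
            admin_hits[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            blocked[ip] = ts
    return blocked, dict(admin_hits)

if __name__ == "__main__":
    blocked, admin_hits = auto_block(SAMPLE_LOG)
    for ip, when in blocked.items():
        print(f"block {ip} at {when.isoformat()}")
    for ip, n in admin_hits.items():
        print(f"{ip}: {n} failed logins against 'admin'")
```

In the sample, 192.0.2.9 spaces its guesses 20 minutes apart and stays under the threshold, yet its attempts against “admin” still show up in the second result.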

You should also check out Synology’s Knowledge Center, which provides several methods for securing your account.

Synology says that it’s working with CERT organizations to take down all control centers for the botnet. The company will notify potentially impacted users, though you should reach out to Synology tech support if you find that your NAS unit is acting strange.

Source: Synology via Bleeping Computer

Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT.