In a significant international law enforcement operation, Europol coordinated with police forces from France and Romania to dismantle the ‘Diskstation’ ransomware group. This group had been actively targeting Synology Network-Attached Storage (NAS) devices since 2021, under various aliases such as ‘DiskStation Security,’ ‘Quick Security,’ ‘LegendaryDisk Security,’ ‘7even Security,’ and ‘Umbrella Security.’ (bleepingcomputer.com)
The ‘Diskstation’ gang specifically focused on internet-exposed NAS devices, encrypting their data and demanding ransoms ranging from $10,000 to several hundred thousand dollars in cryptocurrency. Their victims included companies in the Lombardy region, particularly in the fields of graphics and film production, event organization, and international non-profit organizations dedicated to civil rights and charitable activities. (bleepingcomputer.com)
Explore the data solution with built-in protection against ransomware TrueNAS.
The investigation, initiated after numerous complaints from affected companies, involved forensic analysis of compromised systems and blockchain analysis to trace ransom payments. This led authorities to France and Romania, where raids were conducted in Bucharest in June 2024. During these raids, a 44-year-old Romanian national was arrested on charges of unauthorized access to computer systems and extortion. (bleepingcomputer.com)
The ‘Diskstation’ group’s activities had a severe impact on their victims, causing significant system disruptions and business process interruptions. Companies faced the encryption of data in their IT systems, leading to a complete ‘paralysis’ of their production processes. To restore access to their data and resume operations, victims had to pay large ransoms to attackers in cryptocurrency. (bleepingcomputer.com)
This case highlights the growing threat of ransomware attacks on NAS devices, which are commonly used by companies for centralized file storage, data backup, and content hosting. The attacks underscore the importance of robust cybersecurity measures, including regular firmware updates, strong password policies, and network configurations that limit exposure to the internet. (backblaze.com)
In response to these threats, Synology, a leading NAS device manufacturer, has urged users to take immediate action to protect their data from ransomware attacks. The company recommends that users change default administrative credentials, enable multi-factor authentication, and regularly update their devices to the latest firmware versions. (synology.com)
The dismantling of the ‘Diskstation’ group serves as a reminder of the persistent and evolving nature of cyber threats. It also underscores the critical role of international cooperation in combating cybercrime and the necessity for organizations to implement comprehensive cybersecurity strategies to safeguard their data and operations.
Be the first to comment