全球主机交流论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

CeraNetworks网络延迟测速工具IP归属甄别会员请立即修改密码
查看: 483|回复: 1

群晖®敦促所有用户立即采取行动,从勒索攻击保护数据

[复制链接]
发表于 2019-7-31 15:53:36 | 显示全部楼层 |阅读模式
**EI, Taiwan—July 23, 2019—Synology® recently found that several users were under a ransomware attack, where admins' credentials were stolen by brute-force login attacks, and their data was encrypted as a result. We investigated and found that the causes of these attacks were due to dictionary attacks instead of specific system vulnerabilities. This large-scale attack was targeted at various NAS models from different vendors; therefore we strongly recommend users check network and account settings to protect data from ransomware.

"We believe this is an organized attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP," said Ken Lee, Manager of Security Incident Response Team at Synology Inc. "After collecting admin account passwords with brute-force attacks, the attack was launched on July 19 and caught users off guard. We therefore informed TWCERT/CC and CERT/CC immediately of this matter in hopes of accelerating the collaborative efforts to resolve this incident."

Since this attack is not related to system security vulnerabilities, it is recommended that Synology users utilize built-in network and account management settings to enhance system security level, preventing malicious attacks from the Internet.

"We urge all Synology users to take immediate action to protect their NAS from the ransomware attack," said Hewitt Lee, Director of Product Management at Synology Inc. "Users' data security is always our priority. For those who are not using Synology NAS, we still recommend you take corresponding actions to protect your precious data."

Please make sure you go through the checklist below:

Use a complex and strong password, and Apply password strength rules to all users.
Create a new account in administrator group and disable the system default "admin" account.
Enable Auto Block in Control Panel to block IP addresses with too many failed login attempts.
Run Security Advisor to make sure there is no weak password in the system.
To ensure the security of your Synology NAS, we strongly recommend you enable Firewall in Control Panel and only allow public ports for services when necessary, and enable 2-step verification to prevent unauthorized login attempts. You may also want to enable Snapshot to keep your NAS immune to encryption-based ransomware. To learn more about ransomware attacks, please visit https://www.synology.com/solution/ransomware
==========================================
台湾台北- 2019年7月23日-群晖®最近发现,一些用户承受着勒索攻击,其中管理员的凭据被强力登录攻击被偷了,他们的数据是加密的结果。我们调查并发现这些攻击的原因是字典攻击而不是特定的系统漏洞。这次大规模攻击针对来自不同供应商的各种NAS型号; 因此,我们强烈建议用户检查网络和帐户设置,以保护数据免受勒索软件的侵害。

“我们认为这是一次有组织的攻击。经过对此事的深入调查,我们发现攻击者使用僵尸网络地址来隐藏真正的源IP,”Synology Inc.安全事件响应小组经理Ken Lee说。管理员帐户密码遭到暴力攻击,该攻击于7月19日启动,让用户措手不及。因此,我们立即通知了TWCERT / CC和CERT / CC,希望加快解决此事件的合作努力。

由于此攻击与系统安全漏洞无关,因此建议Synology用户利用内置网络和帐户管理设置来提高系统安全级别,防止来自Internet的恶意攻击。

Synology Inc.产品管理总监Hewitt Lee说:“我们敦促所有Synology用户立即采取行动,保护他们的NAS免遭勒索软件攻击。”用户的数据安全始终是我们的首要任务。对于那些不使用Synology NAS的用户,我们仍然建议您采取相应的措施来保护您的宝贵数据。“

请确保通过以下清单:

使用复杂且强大的密码,并将密码强度规则应用于所有用户。
在管理员组中创建一个新帐户并禁用系统默认的“admin”帐户。
启用自动封锁在控制面板中有太多失败的登录尝试阻止IP地址。
运行Security Advisor 以确保系统中没有弱密码。
为确保Synology NAS的安全,我们强烈建议您在控制面板中启用防火墙,并在必要时仅允许公共端口提供服务,并启用两步验证以防止未经授权的登录尝试。您可能还希望启用快照以使您的NAS免受基于加密的勒索软件的影响。要了解有关勒索软件攻击的更多信息,请访问https://www.synology.com/solution/ransomware
发表于 2019-7-31 15:55:23 | 显示全部楼层
Synology 建议用户立即检查系统设置,防范恶意攻击
群晖科技近日收到数则用户文件遭黑客以勒索软件加密的报告,经调查,此次攻击是针对市场上不同品牌与型号的 NAS,以暴力破解密码,而非通过特定系统安全性漏洞。因此,群晖科技建议用户立即采用以下措施检查网络和帐号安全设置,强化系统安全性:

    在控制面板>用户帐号新增一组帐号且具管理员权限的帐号,并停用系统预设的「admin」帐号
    使用强度较强的密码,并在控制面板>用户帐号>高级设置中启用密码强度限制规则
    启用 2 步骤验证,强化帐号安全
    在控制面板启用自动封锁,并且执行安全顾问,以避免系统使用安全等级较弱的密码
    在控制面板中启用防火墙,只为必要的服务开启外部网络端口

除了以上提及的网络和帐号管理设置外,我们也建议您使用套件中心的 Snapshot Replication 或 Hyper Backup 套件来保护数据安全,如果不幸文件遭受加密仍可以通过快照或备份进行恢复。了解更多防范勒索软件的方法,请参考 https://www.synology.cn/solution/ransomware.

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|全球主机交流论坛

GMT+8, 2024-3-29 03:19 , Processed in 0.058818 second(s), 8 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表