Authorities Dismantled \u201cDiskstation\u201d Ransomware Attacking Synology NAS Devices Worldwide
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Italian State Police, in collaboration with French and Romanian law enforcement agencies, have successfully dismantled the dangerous \u201cDiskstation<\/a>\u201d ransomware group that specifically targeted Synology Network-Attached Storage (NAS) devices across multiple countries.\u00a0<\/p>\n The operation, coordinated through EUROPOL, resulted in the arrest of several Romanian nationals and exposed a sophisticated cybercriminal network that encrypted victim systems and demanded cryptocurrency payments for data recovery.<\/p>\n The investigation began following numerous complaints from Lombardy-based companies whose IT infrastructure had been compromised through advanced ransomware attacks.\u00a0<\/p>\n The cybercriminals employed sophisticated encryption algorithms to render business-critical data inaccessible, effectively paralyzing production processes across various sectors including graphic design, film production, and event organization.<\/p>\n The Cybersecurity Operations Center in Milan conducted comprehensive forensic analysis<\/a> of the attacked computer systems, utilizing advanced malware detection techniques and reverse engineering methodologies.\u00a0<\/p>\n Investigators performed<\/a> detailed blockchain analysis to trace cryptocurrency transactions, employing specialized tools to follow the digital money trail from victim payments to the perpetrators\u2019 wallets.\u00a0<\/p>\n This dual-approach investigation methodology proved crucial in identifying the attack vectors and establishing the criminal network\u2019s operational structure.<\/p>\n The ransomware group demonstrated particular expertise in exploiting vulnerabilities within Synology NAS devices, which are commonly used by businesses for data storage and backup solutions.\u00a0<\/p>\n The attackers leveraged zero-day exploits and credential stuffing techniques to gain unauthorized access to these systems before deploying their encryption payloads.<\/p>\n The complexity of the cybercriminal operation necessitated expanded international cooperation, leading to the establishment of a specialized task force coordinated by EUROPOL.\u00a0<\/p>\n The collaborative effort included cyber crime units from Italy, France, and Romania, each contributing expertise in different aspects of the investigation including digital forensics, cryptocurrency analysis<\/a>, and cross-border legal procedures.<\/p>\n During coordinated searches conducted in Bucharest in June 2024, investigators from the Milan COSC participated alongside Romanian authorities, successfully apprehending several suspects in the act of committing cybercrime.\u00a0<\/p>\n The operation yielded substantial digital evidence confirming the investigative hypotheses and revealing the full scope of the criminal network\u2019s activities.<\/p>\n The primary suspect, a 44-year-old Romanian citizen, has been placed in pre-trial detention by the Milan Court on charges of \u201cUnauthorized Access to a Computer or Telematic System\u201d and \u201cExtortion\u201d.\u00a0<\/p>\n The charges reflect the serious nature of the crimes, which affected numerous Italian victims and demonstrated the international scope of the ransomware operation.<\/p>\n Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now<\/strong><\/a>\u00a0<\/p>\n The post Authorities Dismantled \u201cDiskstation\u201d Ransomware Attacking Synology NAS Devices Worldwide<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Takeaways<\/strong>
<\/mark>1. Italian police, with French and Romanian authorities, dismantled the \"Diskstation\" ransomware gang targeting Synology NAS devices globally.
2. Criminals encrypted business systems and demanded cryptocurrency ransoms from victims in various sectors.
3. Authorities used forensic analysis and blockchain tracking to trace the criminal network.
4. Several Romanian nationals arrested, with the main suspect (44) in detention for computer access and extortion charges.<\/pre>\nRansomware Gang Exploits Synology NAS Zero-Days<\/strong><\/h2>\n
Ransomware Ring Shut Down<\/strong><\/h2>\n