Ransomware gang attacking NAS devices taken down in major police operation


  • Italian police received multiple complaints about ransomware attacks
  • Most victims were active at an international level in the field of civil rights
  • The attackers targeted their Synology Diskstation NAS devices

A 44-year-old Romanian national has been arrested during a law enforcement operation to dismantle a ransomware campaign called “Diskstation”.

Diskstation usually targets Synology Network-Attached Storage (NAS) devices, often used in an enterprise environment for centralized file storage and sharing, data backup and recovery, and general content hosting. The group was first spotted in 2021, and has since used different names, such as DiskStation Security, Quick Security, LegendaryDisk Security, 7even Security, and Umbrella Security.

Police received “a series of complaints filed by numerous companies operating in Lombardy”, who suffered data encryption and were thus unable to operate unless they paid a ransom in exchange for the decryption key.

Targeting Synology devices

Among the targets were film production organizations, event organizations, and non-profits, all active at an international level in the field of civil rights protection and charity events.

The police’s investigation, which included analyzing both the encrypted devices and the blockchain (since the ransom demands were paid in cryptocurrency), led the detectives to France and Romania, and resulted in Operation Elicius, coordinated by EUROPOL.

“Several” subjects were identified as part of the Diskstation group, all of Romanian nationality. In June 2024, the police raided the homes of multiple suspects in Bucharest and, according to the announcement, even caught one person “in the act of committing a crime”.

The 44-year-old who was arrested is now detained on suspicion of “abusive access to a computer or telematic system” and “extortion”.

Diskstation’s shenanigans weren’t widely reported in the tech media. The name is most commonly associated with Synology’s NAS product line, which has been targeted by ransomware cybercriminals in the past.

This particular group reportedly demanded ransom payments between $10,000 and “hundreds of thousands of dollars”.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
