- Italian police received several complaints for ransomware -attack
- Most victims were active at international level in civil rights
- The attackers targeted their synological disk station NES -Units
A 44-year-old Romanian citizen has been arrested during a law enforcement operation to conduct a ransomware campaign called “DiskStation”.
DiskStation is usually targeted at devices for Synology Network-connected storage (NAS), which is often used in a company environment for centralized file storage and sharing, databack and recovery and general content coughing. The group was first discovered in 2021 and has since used various names such as DiskStation Security, Quick Security, Legendary Security, 7Even Security and Umbrella Security.
The police received “a number of complaints filed by several companies operating in Lombardy” that suffered from data hinting and thus unable to operate unless they paid a ransom in exchange for the decryptation key.
Targeting of Synological Units
Among the goals were film production organizations, event organizations and non-profit, all active at international level in civil rights protection and charity events.
The police investigation, which included analysis of both the encrypted devices and the blockchain (when the ransom requirements were paid in cryptocurrency), led the detectives to France and Romania and resulted in Operation Elicius, coordinated by Europol.
“More” topics were identified as part of the DiskStation Group, all Romanian nationality. In June 2024, police attacked the home of several suspects in Bucharest and, according to the message, even caught a person “in the law of committing a crime”.
The 44-year-old, who was arrested, is now being detained under suspicion of “violent access to a computer or telematic system” and “extortion”.
DiskStations Shenanigans were not broadly reported in the technical media. The name is most often associated with Synology’s NAS product line, which has previously been targeted by ransomware -cyber criminals.
This particular group allegedly demanded ransom between $ 10,000 and “hundreds of thousands of dollars”.
Via Bleeping computer
