Ransomware gang attacking NAS devices taken down in major police operation


  • Italian police received multiple complaints for ransomware attacks
  • Most victims were active at an international level in the field of civil rights
  • The attackers targeted their Synology Diskstation NAS devices

A 44-year-old Romanian national has been arrested during a law enforcement operation to dismantle a ransomware campaign called “Diskstation”.

Diskstation usually targets Synology Network-Attached Storage (NAS) devices, often used in an enterprise environment for centralized file storage and sharing, data backup and recovery, and general content hosting. The group was first spotted in 2021, and has since used different names, such as DiskStation Security, Quick Security, LegendaryDisk Security, 7even Security, and Umbrella Security.

Police received “a series of complaints filed by numerous companies operating in Lombardy”, which suffered data encryption and were thus unable to operate unless they paid a ransom in exchange for the decryption key.

Targeting Synology devices

Among the targets were film production organizations, event organizations, and non-profits, all active at an international level in the field of civil rights protection and charity events.

The police’s investigation, which included analyzing both the encrypted devices and the blockchain (since the ransom demands were paid in cryptocurrency), led the detectives to France and Romania, and resulted in Operation Elicius, coordinated by EUROPOL.

“Several” subjects were identified as part of the Diskstation group, all of Romanian nationality. In June 2024, the police raided the homes of multiple suspects in Bucharest and, according to the announcement, even caught one person “in the act of committing a crime”.

The 44-year-old who was arrested is now detained on suspicion of “abusive access to a computer or telematic system” and “extortion”.

Diskstation’s shenanigans weren’t widely reported in the tech media. The name is most commonly associated with Synology’s NAS product line, which has been targeted by ransomware cybercriminals in the past.

This particular group reportedly demanded ransom payments between $10,000 and “hundreds of thousands of dollars”.

Via BleepingComputer
