How ransomware crooks can be (suddenly) helpful: Discovering hidden ‘Recovery OS’ on Synology NAS. 📦🪬🕵️🎁
Security researcher and IR expert Mischa van Geelen shared his research on Synology NAS systems a few weeks ago. During his analysis, he discovered that Synology devices have a hidden operating system with Telnet enabled, weak passwords, and some handy scripts that run as root.
The research was inspired by a strange fact: network storage systems are often used for backups, and even when ransomware attackers wiped the data using the "factory reset" feature, the data was almost always recovered through remote assistance.
From the presentation below, you will learn how :) I wonder if Synology plans to fix the "Recovery OS" any time soon.
Enjoy the presentation, and please share it with your friends and colleagues!
P.S. If you have Synology in your network right now - can you check the env.cgi?
More details:
Synology Disk Station Manager (DSM) - the good, the bad and the ugly [YouTube]: https://lnkd.in/d-ZcF3GD