Police Crack Down on Diskstation Ransomware Targeting NAS Devices
▼ Summary
– An international law enforcement operation dismantled the Romanian ransomware gang ‘Diskstation,’ which encrypted systems of companies in Lombardy, causing severe business disruptions.
– The operation, codenamed ‘Elicius,’ was coordinated by Europol and involved police forces from France and Romania.
– Diskstation targeted Synology NAS devices globally since 2021 under multiple aliases, demanding ransoms from $10,000 to hundreds of thousands of dollars.
– Victims included graphic/film production firms, event organizers, and NGOs, who faced encrypted data and paralyzed operations until paying ransoms in cryptocurrency.
– A 44-year-old Romanian suspect, believed to be the primary operator, was arrested and faces charges for unauthorized access and extortion.
A coordinated international police operation has successfully dismantled a notorious ransomware group specializing in attacks against corporate NAS devices. Known as ‘Diskstation,’ this cybercriminal network caused widespread disruption by encrypting critical business data and demanding hefty ransom payments. Authorities from multiple countries collaborated to bring down the operation, marking a significant victory in the fight against digital extortion.
The crackdown, dubbed ‘Operation Elicius,’ was spearheaded by Europol with support from law enforcement agencies in France and Romania. The gang primarily targeted Synology Network-Attached Storage (NAS) devices, which businesses rely on for secure file storage, backups, and data management. By exploiting vulnerabilities in these systems, the criminals locked companies out of their own data, demanding payments ranging from $10,000 to hundreds of thousands of dollars in cryptocurrency.
Operating under multiple aliases, including “DiskStation Security,” “Quick Security,” and “Umbrella Security”, the group had been active since 2021, focusing on internet-exposed NAS devices. Victims included graphic design studios, film production companies, event planners, and humanitarian NGOs, many of which faced severe operational paralysis after losing access to critical files.
Investigators from the Milan Prosecutor’s Office played a key role in tracking the cybercriminals, using digital forensics and blockchain analysis to follow ransom payments. Their efforts led to raids in Bucharest in June 2024, where evidence was seized and arrests made. Among those detained was a 44-year-old Romanian national, believed to be the ringleader, now facing charges for unauthorized system access and extortion.
To safeguard against similar threats, businesses are urged to keep NAS firmware updated, disable unnecessary services like Telnet and UPnP, and avoid exposing devices directly to the internet. Restricting access through VPNs and implementing multi-layered security protocols can further reduce the risk of ransomware infiltration. This case underscores the importance of proactive cybersecurity measures in an era where digital extortion schemes continue to evolve.
(Source: BLEEPING COMPUTER)
