- Italian police have received several complaints for ransomware attacks
- Most of the victims were active internationally in the field of civil rights
- The attackers targeted their synology diskstation nes devices
A 44 -year -old Romanian national was arrested during an operation to apply the law to dismantle a ransomware campaign called “diskstation”.
Diskstation generally targets storage devices (NAS) from Synology Network-Attached Storage, often used in a company environment for centralized storage and sharing, backup and data recovery, and general content accommodation. The group was spotted for the first time in 2021 and has since used different names, such as diskstation security, rapid security, legendarydisk safety, the 7 Even Security and the safety of the umbrellas.
The police received “a series of complaints filed by numerous companies operating in Lombardy”, which has undergone encryption of data and was therefore unable to operate unless they paid a ransom in exchange for the decryption key.
Target synology devices
Among the objectives were cinematographic production organizations, event organizations and non -profit organizations, all active at an international level in the field of civil rights and charitable events.
The police investigation, which included the analysis of both encrypted devices and blockchain (since ransom requests were paid in cryptocurrency), led detectives to France and Romania, and led to Operation Elicius, coordinated by Europol.
“Several” subjects have been identified as part of the diskstation group, all of Romanian nationality. In June 2024, the police went down to the houses of several suspects in Bucharest and, according to the announcement, even caught a person “committing a crime”.
The 44 -year -old man who was arrested is now held, under the suspicion of “abusive access to a computer or a telematic system” and “extortion”.
Diskstation was largely reported in the technological media. The name is most often associated with the NAS product range of Synology which has been targeted by cybercriminals of ransomware in the past.
This particular group would have demanded ransom payments between $ 10,000 and “hundreds of thousands of dollars”.
Via Bleeping Compompute
