[ad_1]
Italian State Police, in collaboration with French and Romanian law enforcement agencies, have successfully dismantled the dangerous “Diskstation” ransomware group that specifically targeted Synology Network-Attached Storage (NAS) devices across multiple countries.
The operation, coordinated through EUROPOL, resulted in the arrest of several Romanian nationals and exposed a sophisticated cybercriminal network that encrypted victim systems and demanded cryptocurrency payments for data recovery.
Key Takeaways
1. Italian police, with French and Romanian authorities, dismantled the "Diskstation" ransomware gang targeting Synology NAS devices globally.
2. Criminals encrypted business systems and demanded cryptocurrency ransoms from victims in various sectors.
3. Authorities used forensic analysis and blockchain tracking to trace the criminal network.
4. Several Romanian nationals arrested, with the main suspect (44) in detention for computer access and extortion charges.
Ransomware Gang Exploits Synology NAS Zero-Days
The investigation began following numerous complaints from Lombardy-based companies whose IT infrastructure had been compromised through advanced ransomware attacks.
The cybercriminals employed sophisticated encryption algorithms to render business-critical data inaccessible, effectively paralyzing production processes across various sectors including graphic design, film production, and event organization.
The Cybersecurity Operations Center in Milan conducted comprehensive forensic analysis of the attacked computer systems, utilizing advanced malware detection techniques and reverse engineering methodologies.
Investigators performed detailed blockchain analysis to trace cryptocurrency transactions, employing specialized tools to follow the digital money trail from victim payments to the perpetrators’ wallets.
This dual-approach investigation methodology proved crucial in identifying the attack vectors and establishing the criminal network’s operational structure.
The ransomware group demonstrated particular expertise in exploiting vulnerabilities within Synology NAS devices, which are commonly used by businesses for data storage and backup solutions.
The attackers leveraged zero-day exploits and credential stuffing techniques to gain unauthorized access to these systems before deploying their encryption payloads.
Ransomware Ring Shut Down
The complexity of the cybercriminal operation necessitated expanded international cooperation, leading to the establishment of a specialized task force coordinated by EUROPOL.
The collaborative effort included cyber crime units from Italy, France, and Romania, each contributing expertise in different aspects of the investigation including digital forensics, cryptocurrency analysis, and cross-border legal procedures.
During coordinated searches conducted in Bucharest in June 2024, investigators from the Milan COSC participated alongside Romanian authorities, successfully apprehending several suspects in the act of committing cybercrime.
The operation yielded substantial digital evidence confirming the investigative hypotheses and revealing the full scope of the criminal network’s activities.
The primary suspect, a 44-year-old Romanian citizen, has been placed in pre-trial detention by the Milan Court on charges of “Unauthorized Access to a Computer or Telematic System” and “Extortion”.
The charges reflect the serious nature of the crimes, which affected numerous Italian victims and demonstrated the international scope of the ransomware operation.
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now
[ad_2]
