Synology

Italian police have dismantled a Romanian ransomware gang known as 'Diskstation' that targeted various organizations, including civil rights groups, design and film production companies, and international nonprofits in northern Italy. The group encrypted victims' systems and demanded large cryptocurrency ransoms to restore access. The operation was launched after several companies in the Lombardy region reported being locked out of their systems. The group is known for exploiting vulnerabilities in internet-connected Synology Network-Attached Storage (NAS) devices, which are file servers used in corporate environments.

Source: https://therecord.media/italian-police-dismantle-romanian-ransomware-gang

TPRM report: https://scoringcyber.rankiteo.com/company/synology-gmbh

"id": "syn418071725",
"linkid": "synology-gmbh",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Civil rights',
                                     'Design',
                                     'Film production',
                                     'Nonprofits'],
                        'location': 'Northern Italy',
                        'type': ['Civil rights groups',
                                 'Design and film production companies',
                                 'International nonprofits']}],
 'attack_vector': ['Phishing',
                   'Exploiting vulnerabilities in Synology NAS devices'],
 'date_resolved': 'June 2023',
 'description': 'Italian police have dismantled a Romanian ransomware gang '
                "known as 'Diskstation' that targeted civil rights groups, "
                'design and film production companies, as well as '
                'international nonprofits in northern Italy. The group '
                'encrypted victims’ systems and demanded large cryptocurrency '
                'ransoms to restore access to their data.',
 'impact': {'systems_affected': ['Corporate file servers']},
 'initial_access_broker': {'entry_point': 'Vulnerabilities in Synology NAS '
                                          'devices'},
 'investigation_status': 'Resolved',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Exploiting vulnerabilities in '
                                           'Synology NAS devices'},
 'ransomware': {'data_encryption': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Diskstation'},
 'references': [{'source': 'Italy’s Postal and Cybersecurity Police'}],
 'response': {'law_enforcement_notified': True},
 'threat_actor': 'Diskstation',
 'title': 'Italian Police Dismantle Romanian Ransomware Gang',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Vulnerabilities in Synology Network-Attached '
                            'Storage (NAS) devices'}