Authorities Take Down ‘Diskstation’ Ransomware Gang Targeting Synology NAS Globally

Italian State Police, working alongside French and Romanian authorities, have successfully dismantled a sophisticated ransomware operation known as “Diskstation” that specifically targeted Synology Network Attached Storage (NAS) systems worldwide.

The international investigation, coordinated by EUROPOL and led by Milan’s Cybersecurity Operations Center, resulted in the arrest of several Romanian nationals and exposed a criminal network that paralyzed businesses across multiple industries.

Coordinated International Investigation Yields Results

The investigation began following numerous complaints from Lombardy-based companies whose IT systems had been encrypted by the ransomware gang.

The attacks resulted in complete production shutdowns, forcing victims to pay substantial cryptocurrency ransoms to regain access to their critical data.

The Milan Public Prosecutor’s Office coordinated the complex investigation, which employed both forensic analysis of compromised systems and comprehensive blockchain examination to track the criminals’ financial activities.

The scope of the investigation expanded internationally after initial findings revealed the gang’s cross-border operations.

EUROPOL established a specialized task force comprising law enforcement agencies from Italy, France, and Romania, all working to identify and apprehend those responsible for the “Diskstation” attacks.

This collaborative approach proved essential in tracking the sophisticated criminal network that had been operating across multiple jurisdictions.

The ransomware attacks targeted a wide range of organizations, including graphic design firms, film production companies, event management businesses, and international non-profit organizations focused on civil rights protection and charitable activities.

This diverse victim profile demonstrates the indiscriminate nature of the attacks and the significant economic and social impact of the criminal operation.

The investigation revealed that the perpetrators specifically exploited vulnerabilities in Synology NAS systems, which are commonly used by businesses for data storage and backup solutions.

By targeting these systems, the criminals could effectively encrypt entire organizational datasets, maximizing their leverage over victims.

The investigation’s operational phase culminated in June 2024 with coordinated searches conducted in Bucharest at the residences of suspected gang members.

Milan’s Cybersecurity Operations Center personnel participated directly in these operations, which not only confirmed investigative hypotheses but also caught several individuals in the act of committing cybercrime.

The main suspect, a 44-year-old Romanian citizen, has been placed in pre-trial detention by a Milan court judge.

He faces charges of unauthorized access to computer systems and extortion.

Several other Romanian nationals have been identified as participants in the criminal network, with investigations ongoing to determine their specific roles and responsibilities.

This successful operation highlights the importance of international cooperation in combating sophisticated cybercrime.

The “Diskstation” case demonstrates how modern ransomware operations often involve complex networks spanning multiple countries, requiring coordinated law enforcement responses to achieve effective results.

Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.