In this ransom screen you will be assigned a personal identification code that can be used to log in to the SynoLocker payment system located on TOR. The TOR address is hxxp://cypherxffttr7hho.onion. Once you enter your code, you will be presented with information on how to pay the ransom and retrieve your files. Once a ransom is paid, you will be shown your decryption key, or private key, which you will need to paste into the ransom screen on the Synology device. Once you enter the decryption key, the infection will allow you to decrypt your files.
The SynoLocker malware files are stored on the Synology device in the /etc/synolocker folder. The main decrypter program is located at /etc/synolock/synolock, the private decryption key is located at /etc/synolock/RSA_PUBLIC_KEY, and the public key is found in /etc/synolock/RSA_PRIVATE_KEY. If anyone has a copy of this folder, I would be interested in examining it.
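A read-only triage check for the paths named above, added here as an example and not taken from the original article or from Synology. The function name `synolocker_scan` and the root argument (for scanning a mounted copy of the volume instead of the live device) are assumptions; it records size and SHA-256 only and never prints file contents.

```shell
#!/bin/sh
# Added example: look for the SynoLocker artifacts the article names.
# Usage: sh synolocker_scan.sh /            (live device)
#        sh synolocker_scan.sh /mnt/image   (mounted copy of the volume)

# Paths exactly as given in the article (both folder spellings are checked).
SYNO_PATHS="/etc/synolocker /etc/synolock /etc/synolock/synolock \
/etc/synolock/RSA_PUBLIC_KEY /etc/synolock/RSA_PRIVATE_KEY"

# synolocker_scan ROOT
# Prints one line per artifact found plus a final "artifacts=N" line.
# Returns 0 when nothing is found, 1 when at least one artifact exists.
synolocker_scan() {
    root="${1%/}"            # "/" becomes "", "/mnt/image/" becomes "/mnt/image"
    found=0
    for p in $SYNO_PATHS; do
        target="$root$p"
        if [ -e "$target" ] || [ -L "$target" ]; then
            found=$((found + 1))
            if [ -f "$target" ]; then
                # Hash and size give a record for support or incident notes
                # without exposing key material.
                sum=$(sha256sum "$target" 2>/dev/null | cut -d' ' -f1)
                size=$(wc -c < "$target" | tr -d ' ')
                echo "FOUND file $p size=$size sha256=${sum:-unavailable}"
            else
                echo "FOUND dir  $p"
            fi
        fi
    done
    echo "artifacts=$found"
    [ "$found" -eq 0 ]
}

# Run only when a root directory is supplied on the command line.
if [ "$#" -gt 0 ]; then
    synolocker_scan "$1"
fi
```

A non-zero exit status means at least one of the listed paths exists under the given root.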
What is scary and bizarre at the same time is the professionalism of the decryption site. The English is not broken, as is typically seen in ransomware, and they are actually providing a customer support page where people can get help with paying the ransom and decrypting their files. Below you can see the latest news section of the malware's decryption site:
All support tickets are answered as fast as possible. In the case that your ticket is not answered in a timely fashion then submit it again.
Some users have reported issues with the automated decryption process. All customers' keypairs are kept in security and everything will be done to complete the decryption process. After submitting the key it can take several minutes before the page refreshes to the decryption progress process bar. Custom binaries preloaded with the correct keypair for each identifier are available on demand. More instructions about using the custom binary will be posted tomorrow.
Thank you for your patience.
If you are infected with SynoLocker, you should immediately disconnect your device from the Internet and contact Synology customer support where they will walk you through updating your DSM and regaining access to your device. If you are not affected, you should make sure to upgrade to the latest DSM on your device.