22 April 2021

Qlocker ransomware campaign targets QNAP devices across the globe



A new ransomware campaign targeting QNAP NAS devices has been spotted recently. Dubbed Qlocker, the campaign uses 7-zip to move files on QNAP devices into password-protected archives.

The attacks came to light on April 19, when multiple users found their devices were encrypted and took to technical forums and the ID-Ransomware service to find out more about the threat.

According to Bleeping Computer, while the files are being locked, the QNAP Resource Monitor displays numerous '7z' processes, which are instances of the 7-Zip command-line executable. After the encryption process is finished, the QNAP device's files are stored in password-protected 7-Zip archives ending with the .7z extension. To extract these archives, victims need to enter a password provided by the attacker.
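The process-list symptom described above can be turned into a simple monitoring check. The following Python is an added example, not code from QNAP or Bleeping Computer; the sample process listing, the file paths, matching on 7-Zip's `a` command with a `-p` password switch, and the threshold of three concurrent jobs are assumptions made for illustration.

```python
import shlex

# Constructed `ps`-style listing for illustration; not captured from a real device.
SAMPLE_PS = """\
  PID COMMAND
  812 /usr/sbin/sshd -D
 2210 /usr/bin/7z l /share/backup/archive.7z
 4101 /usr/bin/7z a -pEXAMPLE /share/Public/a.jpg.7z /share/Public/a.jpg
 4102 /usr/bin/7z a -pEXAMPLE /share/Public/b.docx.7z /share/Public/b.docx
 4103 /usr/bin/7z a -pEXAMPLE /share/Public/c.pdf.7z /share/Public/c.pdf
"""

def parse_ps(text):
    """Yield (pid, argv) for every 'PID ARGS' line; header lines are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        try:
            argv = shlex.split(parts[1])
        except ValueError:          # unbalanced quotes in a command line
            argv = parts[1].split()
        yield int(parts[0]), argv

def is_password_archive_job(argv):
    """True for a 7z 'a' (add to archive) command that carries a -p switch."""
    if len(argv) < 2 or argv[0].rsplit("/", 1)[-1] not in ("7z", "7za"):
        return False
    return argv[1] == "a" and any(arg.startswith("-p") for arg in argv[2:])

def detect(ps_text, threshold=3):
    """Flag a host when at least `threshold` such jobs run at the same time."""
    pids = [pid for pid, argv in parse_ps(ps_text) if is_password_archive_job(argv)]
    return {"pids": pids, "alert": len(pids) >= threshold}

if __name__ == "__main__":
    print(detect(SAMPLE_PS))
```

The listing job (`7z l`) is ignored because it only reads an archive; only concurrent password-protected archive creation counts toward the alert.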

A ransom note left by the attackers includes a unique client key that victims need to enter to log into the ransomware's Tor payment site. To receive the password for the encrypted archives, the victims must pay 0.01 Bitcoins (~$533).

QNAP said it believes that the attackers are exploiting the CVE-2020-36195 vulnerability to execute the ransomware on devices.

Earlier this month, QNAP addressed a high-risk vulnerability (CVE-2020-2509) in QNAP QTS that allowed remote hackers to execute arbitrary shell commands on the target system.
