A new ransomware campaign targeting QNAP NAS devices has been spotted recently. Dubbed Qlocker, the campaign uses 7-Zip to move files on QNAP devices into password-protected archives.
The attacks came to light on April 19, when multiple users found their devices were encrypted and took to technical forums and the ID-Ransomware service to find out more about the threat.
According to Bleeping Computer, while the files are being locked, the QNAP Resource Monitor will display numerous '7z' processes, which are instances of the 7-Zip command-line executable. After the encryption process is finished, the QNAP device's files will be stored in password-protected 7-Zip archives ending with the .7z extension. To extract these archives, victims will need to enter a password provided by the attacker.
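The burst of '7z' processes described above can be checked for in a process snapshot. The following is an added example, not code from QNAP or Bleeping Computer: the sample listing, its paths and PIDs, and the alert threshold of 3 are constructed assumptions, and the check relies on 7-Zip's `a` (add) command and `-p` password switch.

```python
import os
import shlex

SEVENZIP_NAMES = {"7z", "7za", "7zr"}  # common 7-Zip command-line binary names

# Constructed process snapshot in "PID COMMAND..." form; paths and PIDs are made up.
SAMPLE_PS = """\
  812 /usr/sbin/sshd -D
 4101 /usr/local/sbin/7z a -mx=0 -pPLACEHOLDER /share/Photos/a.jpg.7z /share/Photos/a.jpg
 4102 /usr/local/sbin/7z a -mx=0 -pPLACEHOLDER /share/Photos/b.jpg.7z /share/Photos/b.jpg
 4103 /usr/local/sbin/7z a -mx=0 -pPLACEHOLDER /share/Docs/c.doc.7z /share/Docs/c.doc
 4200 /usr/bin/7z x /share/Download/backup.7z
"""

def parse_ps(text):
    """Yield (pid, argv) for each well-formed line of the snapshot."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        try:
            argv = shlex.split(parts[1])
        except ValueError:  # unbalanced quotes in a truncated command line
            argv = parts[1].split()
        if argv:
            yield int(parts[0]), argv

def is_password_archive_job(argv):
    """True for a 7-Zip 'a' (add) invocation that carries a -p password switch."""
    if os.path.basename(argv[0]) not in SEVENZIP_NAMES:
        return False
    args = argv[1:]
    return bool(args) and args[0] == "a" and any(a.startswith("-p") for a in args[1:])

def assess(text, threshold=3):
    """Summarise 7-Zip activity; alert when password-archive jobs reach the threshold."""
    procs = list(parse_ps(text))
    seven = [pid for pid, argv in procs if os.path.basename(argv[0]) in SEVENZIP_NAMES]
    locked = [pid for pid, argv in procs if is_password_archive_job(argv)]
    return {"sevenzip": len(seven), "password_jobs": locked, "alert": len(locked) >= threshold}

if __name__ == "__main__":
    print(assess(SAMPLE_PS))
```

A single extraction (`7z x`) or one password-protected backup job stays below the threshold, so routine 7-Zip use on the device does not raise the alert.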
A ransom note left by the attackers includes a unique client key that the victims need to enter to log into the ransomware's Tor payment site. To receive the password for the encrypted archives, the victims must pay 0.01 Bitcoins (~$533).
QNAP said it believes that the attackers are exploiting the CVE-2020-36195 vulnerability to execute the ransomware on devices.
Earlier this month, QNAP addressed a high-risk vulnerability (CVE-2020-2509) in QNAP QTS that allowed remote hackers to execute arbitrary shell commands on the target system.