Qlocker ransomware gang is using 7zip utility to lock files on QNAP devices
The gang has generated $260,000 in just 5 days from victims
Qlocker ransomware gang is using 7zip utility to lock files on QNAP devices
A ransomware group has been targeting QNAP NAS users from all over the world in an ongoing attack that has enabled the group to generate about $260,000 within a week by remotely encrypting files on target devices using the 7zip archive utility.
According to
Bleeping Computer, the Qlocker ransomware operation is exploiting some recently disclosed vulnerabilities to compromise QNAP devices and remotely execute the 7zip utility to password-protect all files on victims NAS storage devices.
QNAP NAS devices under ransomware attack
April 26, 2021
QNAP NAS devices under ransomware attack
QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility.
According to Lawrence Abrams, the ransomware gang has managed to “earn” $260,000 in five days, as many unfortunate victims decided to pay the ransom of 0.01 Bitcoins (around $550) to receive the password that would unlock their files.
What happened?
CVE-2020-36195, an SQL injection vulnerability affecting QNAP NAS running Multimedia Console or the Media Streaming add-on
QNAP removes backdoor account in NAS backup, disaster recovery app
By
Update: QNAP confirmed that Qlocker ransomware has used the removed backdoor account to hack into some customers NAS devices and encrypt their files.
There appears to be a number of users affected by Ransomware (QLocker) due to this vulnerability. Please Update your HBS3 version ASAP
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.
The hard-coded credentials vulnerability tracked as CVE-2021-28799 was found by Taiwan-based ZUSO ART in HBS 3 Hybrid Backup Sync, the company s disaster recovery and data backup solution.
QNAP advises users to take immediate action to secure their data against NAS Qlocker Ransomware geeky-gadgets.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from geeky-gadgets.com Daily Mail and Mail on Sunday newspapers.
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
By
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021. Since then, there has been an enormous amount of activity in our support forum, and ID-Ransomware has seen a surge of submissions from victims.
ID-R submissions from Qlocker victims
According to reports from victims in a BleepingComputer Qlocker support topic, the attackers use 7-zip to move files on QNAP devices into password-protected archives. While the files are being locked, the QNAP Resource Monitor will display numerous 7z processes which are the 7zip command-line executable.