QNAP devices hit by Qlocker ransomware demanding 0.01BTC to unlock encrypted files
Another day, another ransomware. Instead of targeting servers belonging to companies, Qlocker targets QNAP devices worldwide. The modus operandi is pretty simple: gain access to the QNAP devices and encrypt the files.
Once the QNAP devices are infected, they will run multiple 7z processes to encrypt all the files inside with a password. A ransom note is then left behind, giving the victim a client key to log in to Qlocker’s Tor payment site and obtain the password to decrypt their files.
Victims are told to pay 0.01BTC (~RM2056), although there was previously a bug that allowed victims to obtain the password without actually paying the ransom. However, the security flaw on Qlocker’s end has since been patched.
Speaking of patches, QNAP has reportedly addressed the critical vulnerabilities that Qlocker took advantage of via patches on 16th April, although I guess not everyone installed the updates as soon as they were made available.
If you are infected and your files have been encrypted, QNAP warns that you should not reboot the device and instead run the Malware Remover tool. It will not help you recover your files, but it will help protect you and other people from future attacks.
Pokdepinion: I think this really highlights the importance of staying updated with the latest security patches… Or maybe you should just get a less capable NAS that can’t run 7zip 🤔