QNAP ransomware attack encrypts users’ NAS and requests a ransom to recover files
“All your files are encrypted !!!” With this message some QNAP Users, A brand of NAS devices. new Ransomware It’s called Qlocker NAS servers Around the world exploits a security flaw. In exchange for their return (for returning their content), Bitcoin transaction request.
The attack began to appear on the QNAP devices on April 19, according to Relata asleep computer. Basically what Qlocker ransomware does is Compress files on NAS devices into encrypted archives with 7 zip files. To do this, the ransomware first accesses the NAS by exploiting a vulnerability in the system.
Once the files are encrypted, it only leaves a text file explaining the situation to the user. A note tells you that your files are encrypted with a unique key. To find out this unique password, you need to pay a A ransom of about 500 euros in bitcoin Hackers on the Tor Website.
Temporary solutions
In the past hours Cable hacker jack He made it clear Find a vulnerability in the ransomware system Skip the payment and get the free key. Hours later, intruders appeared They fixed this vulnerability The trick no longer works.
Update: It looks like this might have been fixed by the ransomware operators, unfortunately. I apologize if I can’t access your device before fixing it. About 50 keys worth $ 27,000 were decrypted.
– jack cable (jackhcable) April 22, 2021
For this part, QNAP sent an official statement To clarify the matter. They think hackers are using Vulnerability known as VE-2020-36195 To run ransomware on vulnerable devices. The recommendation they make is to update various components of NAS like QTS and Multimedia Console.
From QNAP they also recommend and Emphasize the importance of updating NAS software, especially Malware Remover. This brand anti virus software is up to date to detect and prevent ransomware from running on devices that are not yet infected. They say they are working on a solution to remove malware from already infected devices, too.
What to do if the NAS is already infected? QNAP recommends not turning off or restarting the NASInstead, run the latest version of Malware Remover and scan your entire NAS. Once done, contact QNAP Technical Support.
Via | Sleeping computer
More information | QNAP
Subtly charming zombie buff. Amateur analyst. Proud tvaholic. Beer fanatic. Web expert. Evil troublemaker. Passionate internet maven. Gamer. Food evangelist.