Monday, February 17, 2025
HomeRansomwareRansomware Strain Qlocker Targeting QNAP NAS Flaws - Patch It!

Ransomware Strain Qlocker Targeting QNAP NAS Flaws – Patch It!

Published on

SIEM as a Service

Follow Us on Google News

The cybersecurity experts pronounced recently in a report that they have detected a new ransomware, Qlocker. This ransomware has gone viral, by attacking hundreds of QNAP network-attached storage (NAS) every day.

However, this ransomware is one of the biggest campaigns that have used two ransomware known as “Qlocker” and “eCh0raix”. This two ransomware are slowly laying out to the servers of NAS around the world, and exploiting a vulnerability.

According to the report, this ransomware packs the victim’s files that are generally stored on devices into password-protected 7zip archives, and later it charges $550 as ransom to restore the file.

The most important feature of this malware is very dangerous, as it continuously put the users in serious trouble. The very first case of this ransomware came to the lights on April 20, 2021, after that the number of victims started increasing day by day.

After a proper investigation, the researchers claimed that On April 22, QNAP has encouraged all its customers to install the most advanced updates for three applications, so that they can prevent this kind of possible ransomware attacks.

Initially, in this ransomware attack, the victim will notice a text file called READ_ME.txt. After investigating the attack the researchers said that this one will find a unique key to access all the payment sites via Tor.

However, the payment is being made is 0.01 bitcoin, which is equivalent to Rs.37561.61 at the current exchange rate. Not only this, but the message directly indicates to the user that all their files have been encrypted.

Moreover, the text which has been sent by the hackers also includes a unique key that the victim must enter the attacker’s website within the Tor network and make a payment as soon as possible.

QNAP declared that they are trying their best, and are working on learning more regarding the problem and the ransomware. However, the researchers have provided a full solution to all the victims after proper investigation through which they can easily recover the files.

Moreover, QNAP is still trying to find any loopholes or weaknesses of the ransomware so that they can provide strong ​implementation to the victims. 

Apart from this, they are not turning off the NAS, but they are recommending the users to install and run the “Malware Remover” for the operating systems like QTS and QuTS hero.

The analyst also remarked that it is quite necessary to update the “Multimedia Console”, “Media Streaming Add-on” and “Hybrid Backup Sync” applications to the most advanced version that is available, and by this version, users can easily prevent the malware from spreading.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Android’s New Security Feature Prevents Sensitive Setting Changes During Calls

Phone scams are becoming more sophisticated with advancements in AI-driven speech tools, making it...

Hackers Exploit Microsoft Teams Invites to Gain Unauthorized Access

The Microsoft Threat Intelligence Center (MSTIC) has uncovered an ongoing and sophisticated phishing campaign...

Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024

Meta's commitment to cybersecurity took center stage in 2024 as the tech giant awarded...

Google Chrome Introduces AI to Block Malicious Websites and Downloads

Google has taken a significant step in enhancing internet safety by integrating artificial intelligence...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks

A recent ransomware attack leveraging a vulnerability in Palo Alto Networks' PAN-OS firewall software...

ZeroLogon Ransomware Exploits Windows AD to Hijack Domain Controller Access

A newly intensified wave of ransomware attacks has surfaced, leveraging the infamous ZeroLogon vulnerability...

Cl0p Ransomware Hide Itself on Compromised Networks After Exfiltrate the Data

The Cl0p ransomware group, a prominent player in the cybercrime landscape since 2019, has...