Saturday, May 24, 2025
HomeRansomwareRansomware Strain Qlocker Targeting QNAP NAS Flaws - Patch It!

Ransomware Strain Qlocker Targeting QNAP NAS Flaws – Patch It!

Published on

SIEM as a Service

Follow Us on Google News

The cybersecurity experts pronounced recently in a report that they have detected a new ransomware, Qlocker. This ransomware has gone viral, by attacking hundreds of QNAP network-attached storage (NAS) every day.

However, this ransomware is one of the biggest campaigns that have used two ransomware known as “Qlocker” and “eCh0raix”. This two ransomware are slowly laying out to the servers of NAS around the world, and exploiting a vulnerability.

According to the report, this ransomware packs the victim’s files that are generally stored on devices into password-protected 7zip archives, and later it charges $550 as ransom to restore the file.

- Advertisement - Google News

The most important feature of this malware is very dangerous, as it continuously put the users in serious trouble. The very first case of this ransomware came to the lights on April 20, 2021, after that the number of victims started increasing day by day.

After a proper investigation, the researchers claimed that On April 22, QNAP has encouraged all its customers to install the most advanced updates for three applications, so that they can prevent this kind of possible ransomware attacks.

Initially, in this ransomware attack, the victim will notice a text file called READ_ME.txt. After investigating the attack the researchers said that this one will find a unique key to access all the payment sites via Tor.

However, the payment is being made is 0.01 bitcoin, which is equivalent to Rs.37561.61 at the current exchange rate. Not only this, but the message directly indicates to the user that all their files have been encrypted.

Moreover, the text which has been sent by the hackers also includes a unique key that the victim must enter the attacker’s website within the Tor network and make a payment as soon as possible.

QNAP declared that they are trying their best, and are working on learning more regarding the problem and the ransomware. However, the researchers have provided a full solution to all the victims after proper investigation through which they can easily recover the files.

Moreover, QNAP is still trying to find any loopholes or weaknesses of the ransomware so that they can provide strong ​implementation to the victims. 

Apart from this, they are not turning off the NAS, but they are recommending the users to install and run the “Malware Remover” for the operating systems like QTS and QuTS hero.

The analyst also remarked that it is quite necessary to update the “Multimedia Console”, “Media Streaming Add-on” and “Hybrid Backup Sync” applications to the most advanced version that is available, and by this version, users can easily prevent the malware from spreading.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...

Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation

The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov,...

VanHelsing Ransomware Builder Exposed on Hacker Forums

The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security...