Ransomware Strain Qlocker Targeting QNAP NAS Flaws – Patch It!

The cybersecurity experts pronounced recently in a report that they have detected a new ransomware, Qlocker. This ransomware has gone viral, by attacking hundreds of QNAP network-attached storage (NAS) every day.

However, this ransomware is one of the biggest campaigns that have used two ransomware known as “Qlocker” and “eCh0raix”. This two ransomware are slowly laying out to the servers of NAS around the world, and exploiting a vulnerability.

According to the report, this ransomware packs the victim’s files that are generally stored on devices into password-protected 7zip archives, and later it charges $550 as ransom to restore the file.

The most important feature of this malware is very dangerous, as it continuously put the users in serious trouble. The very first case of this ransomware came to the lights on April 20, 2021, after that the number of victims started increasing day by day.

After a proper investigation, the researchers claimed that On April 22, QNAP has encouraged all its customers to install the most advanced updates for three applications, so that they can prevent this kind of possible ransomware attacks.

Initially, in this ransomware attack, the victim will notice a text file called READ_ME.txt. After investigating the attack the researchers said that this one will find a unique key to access all the payment sites via Tor.

However, the payment is being made is 0.01 bitcoin, which is equivalent to Rs.37561.61 at the current exchange rate. Not only this, but the message directly indicates to the user that all their files have been encrypted.

Moreover, the text which has been sent by the hackers also includes a unique key that the victim must enter the attacker’s website within the Tor network and make a payment as soon as possible.

QNAP declared that they are trying their best, and are working on learning more regarding the problem and the ransomware. However, the researchers have provided a full solution to all the victims after proper investigation through which they can easily recover the files.

Moreover, QNAP is still trying to find any loopholes or weaknesses of the ransomware so that they can provide strong ​implementation to the victims. 

Apart from this, they are not turning off the NAS, but they are recommending the users to install and run the “Malware Remover” for the operating systems like QTS and QuTS hero.

The analyst also remarked that it is quite necessary to update the “Multimedia Console”, “Media Streaming Add-on” and “Hybrid Backup Sync” applications to the most advanced version that is available, and by this version, users can easily prevent the malware from spreading.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.