The Qlocker Ransomware Targets QNAP Devices

Over the past year, QNAP devices have become the target of multiple large-scale attack campaigns carried out by anonymous cybercriminals. Many of these attacks involved the use of file-encryption Trojans and, unfortunately, the latest one is not any different. A newly identified threat, tracked under the alias Qlocker Ransomware, has been actively targeting QNAP devices since April 19th. The number of infected devices and reports from victims is rising rapidly, and it appears that the Qlocker Ransomware campaign is quickly gaining pace.

Unlike traditional ransomware, the Qlocker Ransomware does not encrypt the files stored on the device – instead, it puts them in a password-protected archive whose password is sent to the server of the attackers. Of course, the Qlocker Ransomware's authors have made sure to program their malware to drop a ransom note that explains the situation to the victim – it is stored under the name '!!!READ_ME.txt.'

The attackers ask the victim to download and install the TOR Browser, and then visit a TOR-based website to pay the ransom fee. The criminals ask for 0.01 Bitcoin (approximately $560) in exchange for the password, but they do not provide any proof that they can be trusted.

The scary thing about the Qlocker Ransomware campaign is that the hackers are compromising devices by using old QNAP vulnerabilities that were patched only recently. If you are using a QNAP device, you should immediately apply the latest firmware updates to make sure that you are protected from the Qlocker Ransomware and similar malware. Unfortunately, free data recovery is not an option when it comes to the Qlocker Ransomware attack – victims will only be able to restore their data from a backup.

April 22, 2021