There appears to be an international ransomware campaign targeting QNAP devices, and customers are now finding their files stored in password-protected 7zip archives.
In April 2021, ransomware known as Qlocker targeted QNAP NAS devices.
The attackers use 7-zip to move files into password-protected archives on QNAP NAS devices.
While the files are being locked, the QNAP NAS Resource Monitor shows 72 processes, which are run with the 7zip command line. Once the ransomware has finished, the files on the QNAP device are stored as 7-zip archives with a .7z extension.
Those archives can only be opened by entering the password selected by the perpetrator.
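One way to flag the behaviour described above, many 7zip command-line processes writing password-protected archives at once, from a process listing. This is an added example, not code from QNAP or from the original article; the process rows, paths and the alert threshold of three are constructed assumptions, and `-p` is 7-Zip's password switch.

```python
import shlex
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample rows ("PID command line"); not captured from a real device.
SAMPLE_PS = """\
2210 /usr/sbin/smbd -D
4121 /usr/local/sbin/7z a -pEXAMPLE /share/Public/report.docx.7z /share/Public/report.docx
4122 /usr/local/sbin/7z a -pEXAMPLE /share/Public/photo.jpg.7z /share/Public/photo.jpg
4123 /usr/local/sbin/7z a -pEXAMPLE /share/Homes/alice/tax.xlsx.7z /share/Homes/alice/tax.xlsx
4130 /usr/local/sbin/7z l /share/Backups/weekly.7z
"""

SEVENZIP_NAMES = {"7z", "7za", "7zr", "7zz"}  # common 7-Zip CLI binary names


def parse_7z_add(line):
    """Return (pid, archive_path) for a 7-Zip 'add' run with a password switch, else None."""
    pid, _, cmdline = line.strip().partition(" ")
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a truncated command line
        return None
    if not argv or not pid.isdigit() or PurePosixPath(argv[0]).name not in SEVENZIP_NAMES:
        return None
    switches = [a for a in argv[1:] if a.startswith("-")]
    positional = [a for a in argv[1:] if not a.startswith("-")]
    has_password = any(s.startswith("-p") for s in switches)
    # First positional is the 7-Zip command, second is the archive being written.
    if len(positional) < 2 or positional[0] != "a" or not has_password:
        return None
    return int(pid), positional[1]


def triage(ps_text, threshold=3):
    """Summarise password-protected archive jobs; the password itself is never reported."""
    hits = [h for h in map(parse_7z_add, ps_text.splitlines()) if h]
    dirs = Counter(str(PurePosixPath(archive).parent) for _, archive in hits)
    return {
        "pids": [pid for pid, _ in hits],
        "directories": dict(dirs),
        "alert": len(hits) >= threshold,  # threshold is an assumed tuning value
    }


if __name__ == "__main__":
    print(triage(SAMPLE_PS))
```
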
In short, once the QNAP NAS devices have been encrypted, a ransom note with a special client key appears, and users are asked to pay approximately 0.01 Bitcoin, which is roughly $557.74, to regain access to their archived data.
A 7Zip archive password will be displayed on the Tor Payments website after payment is made and an invalid Bitcoin Tax ID is entered.
This password is exclusive to the victim and cannot be used on the computers of other victims.
A security researcher, Jack Cable, announced that a bug found in the Qlocker Tor platform allowed users to retrieve their 7zip passwords for free.
At the same time, Jack Cable created a support system to further exploit this vulnerability, but the ransomware operators patched it an hour later.
Files cannot be recovered without the victim's own password, which can no longer be obtained for free.
“QNAP NAS strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP NAS is urgently working on a solution to remove malware from infected devices,” QNAP NAS stated in a security advisory.