Date: 2021-04-22

“All your files have been encrypted !!!” Some users of QNAP, the NAS device brand, have been met with this message. A new ransomware called Qlocker is taking over NAS servers around the world by exploiting a vulnerability. In exchange for returning their content, the attackers request a Bitcoin transaction.

The attack began to appear on QNAP devices on April 19, according to Bleeping Computer. Essentially, what the Qlocker ransomware does is compress files on NAS devices into encrypted 7-zip archives. To do this, the ransomware first accesses the NAS by exploiting a vulnerability in the system.

Once the files are encrypted, it leaves only a text file in which it explains the situation to the user. The note tells you that your files are encrypted with a unique key. To obtain that unique password, you have to pay the hackers a ransom of around 500 euros in Bitcoin on a Tor website.
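A triage sketch for the behaviour described above, added here as an example (not code from QNAP, Bleeping Computer or the original article): it walks a share and flags directories where most files carry the 7-Zip signature, regardless of file name. The function names, thresholds and sample tree are assumptions constructed for illustration; a signature match does not prove an archive is encrypted.

```python
import os
import tempfile

# 7-Zip archives start with this fixed 6-byte signature.
SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"


def is_7z(path):
    """True if the file starts with the 7-Zip signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVEN_ZIP_MAGIC)) == SEVEN_ZIP_MAGIC
    except OSError:
        return False  # unreadable or missing file: not counted as an archive


def flag_dirs(root, min_files=3, threshold=0.8):
    """Return {directory: (archives, total)} where >= threshold of files are 7z."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        paths = [os.path.join(dirpath, f) for f in files]
        paths = [p for p in paths if os.path.isfile(p) and not os.path.islink(p)]
        if len(paths) < min_files:
            continue  # too few files to say anything about this directory
        archives = sum(is_7z(p) for p in paths)
        if archives / len(paths) >= threshold:
            flagged[dirpath] = (archives, len(paths))
    return flagged


def demo():
    """Constructed sample tree: one normal share, one converted share plus a note."""
    root = tempfile.mkdtemp(prefix="nas_demo_")
    arc = SEVEN_ZIP_MAGIC + b"\x00\x04"  # signature plus format version bytes
    samples = {
        "photos": {"a.jpg": b"\xff\xd8\xff\xe0", "b.png": b"\x89PNG", "old.7z": arc},
        "documents": {"a.doc.7z": arc, "b.xls.7z": arc, "c.pdf.7z": arc,
                      "note.txt": b"constructed placeholder note"},
    }
    for share, files in samples.items():
        os.mkdir(os.path.join(root, share))
        for name, data in files.items():
            with open(os.path.join(root, share, name), "wb") as fh:
                fh.write(data)
    return root, flag_dirs(root, threshold=0.75)


if __name__ == "__main__":
    print(demo()[1])
```

Run it read-only against a copy or a mounted share; a directory that legitimately holds backups in 7-Zip format will also be flagged, so treat hits as leads to review.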

Temporary solutions

In the last few hours, the hacker Jack Cable explained that he managed to find a vulnerability in the ransomware system to skip the payment and get the key for free. Hours later, it appears that the hackers fixed that vulnerability and the trick no longer works.

Update: it looks like this may have been fixed by the ransomware operators, unfortunately. I apologize if I was not able to get to yours before it was fixed. In total decrypted around 50 keys worth $27k. – Jack Cable (@jackhcable) April 22, 2021

For its part, QNAP has sent an official statement to clarify the matter. They believe hackers are using a vulnerability known as CVE-2020-36195 to run the ransomware on vulnerable devices. Their recommendation is to update various components of the NAS, such as QTS and Multimedia Console.

QNAP also recommends and emphasizes the importance of updating NAS software, especially Malware Remover. The brand's antivirus is up to date to detect the ransomware and prevent it from running on devices not yet infected. They say they are working on a solution to remove the malware from already infected devices as well.

What do you do if the NAS is already infected? QNAP recommends not shutting down or restarting the NAS. Instead, run the latest version of Malware Remover and scan the entire NAS. Once done, contact QNAP technical support.

Via | Bleeping Computer

More information | QNAP