Threat actors behind the Qlocker ransomware are once again attacking QNAP Network Attached Storage (NAS) devices that are exposed to the Internet. Qlocker previously targeted QNAP users in a large ransomware campaign that began the week of April 19, encrypting files and moving them into password-protected 7-zip archives with the .7z suffix after breaching their NAS machines.
According to QNAP, attackers were using CVE-2021-28799, a hard-coded credentials flaw in the HBS 3 Hybrid Backup Sync software, to access customers' devices and lock their data. For some QNAP customers who were victims of the Qlocker ransomware attack last year, however, the warning arrived far too late: the criminals had already extorted hundreds of QNAP users. In all, affected QNAP customers lost almost $350,000 in a single month after paying ransoms of 0.01 bitcoins (approximately $500 at the time) to obtain the password needed to retrieve their data.
On January 6, a fresh Qlocker ransomware campaign launched, leaving ransom notes named !!!READ ME.txt on infected devices. These ransom notes also include a Tor site address (gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion), which victims are told to visit to learn how much they must pay to recover access to their data. The ransom demands on the Tor victim pages range from 0.02 to 0.03 bitcoins.
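A defender can triage a mounted NAS share for the two artifacts this article names, the !!!READ ME.txt note and files repacked as .7z archives. The sketch below is an added example, not QNAP's or any vendor's tooling; the function names, the "folder holds nothing but archives" heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

RANSOM_NOTE = "!!!READ ME.txt"          # note name as given in this article
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7-zip archive file signature


def is_7z(path):
    """True if the file starts with the 7-zip signature (an extension alone can lie)."""
    try:
        with open(path, "rb") as fh:
            return fh.read(6) == SEVENZIP_MAGIC
    except OSError:
        return False  # unreadable files are skipped, not counted as hits


def triage(root):
    """Return {directory: {"note", "archives", "other"}} for suspicious directories."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == RANSOM_NOTE.lower() for f in files)
        archives = sum(f.lower().endswith(".7z") and is_7z(os.path.join(dirpath, f))
                       for f in files)
        other = len(files) - archives - (1 if note else 0)
        # Assumed heuristic: flag on the note, or when a folder holds only archives.
        if note or (archives and other == 0):
            findings[dirpath] = {"note": note, "archives": archives, "other": other}
    return findings


def build_sample_tree(root):
    """Constructed sample share: one affected folder, one ordinary folder."""
    stub = SEVENZIP_MAGIC + b"\x00" * 26
    sample = {"photos": {"a.jpg.7z": stub, "b.jpg.7z": stub,
                         RANSOM_NOTE: b"constructed placeholder note\n"},
              "docs": {"report.txt": b"ordinary file\n", "backup.7z": stub}}
    for folder, files in sample.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)
    return os.path.join(root, "photos"), os.path.join(root, "docs")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in triage(tmp).items():
            print(directory, info)
```

A folder that mixes one legitimate .7z backup with ordinary files is not flagged, which keeps the report focused on directories that were repacked wholesale.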
Since Qlocker's return on January 6, affected QNAP customers have submitted hundreds of ransom notes and encrypted files to the ID-Ransomware service. Unfortunately, Qlocker isn't the only ransomware that targets QNAP NAS machines, as a recent wave of eCh0raix ransomware attacks shows. Earlier this month, the company also warned customers to disable Port Forwarding on their routers and the UPnP capability on their devices to protect Internet-exposed NAS systems from continuous ransomware and brute-force attacks.
Last year, QNAP warned consumers to protect their devices against upcoming threats such as the AgeLocker and eCh0raix ransomware operations. To protect a QNAP device from additional attacks, the NAS manufacturer suggests following best practices.