The Ransomware Targets QNAP NAS Devices Worldwide.
Last updated on June 7, 2022
Qlocker is a specific ransomware that infiltrates users’ storage devices and operates as a file locker, keeping users out unless they supply a password.
The Qlocker ransomware only affects QNAP network-attached storage (NAS) equipment. It encrypts the user’s files in a 7-zip format and secures them using a password. Once the files have been encrypted, victims are left with a.7z file, a ReadMe file with a ransom message, and a key to the ransomware payment site.
Is Qlocker Back?
It seems that threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide.
The latest Qlocker ransomware attack started on January 6, and it delivers ransom letters with the filename!!!READ ME.txt on infected machines.
As reported by BleepingComputer, the Tor site URL is also included in these ransom letters. The victims of the ransomware are urged to visit the website in order to learn how much they will have to pay to recover access to their data.
Unfortunately, Qlocker is not the only ransomware that targets QNAP NAS equipment, as seen by an increase in ech0raix ransomware assaults that began just before Christmas.
Earlier this month, QNAP also advised its customers to protect their Internet-connected NAS systems against continuous ransomware and brute-force assaults by deactivating Port Forwarding on their routers and the UPnP capability on their machines.
If you wish to protect your QNAP equipment against future assaults, the NAS manufacturer suggests using the recommended practices listed below.
You can check the NAS and configure system settings following the recommendations to better secure your device and protect your data.
Remove unknown or suspicious accounts.
Remove unknown or suspicious applications.
Disable auto-router configuration and set up device access controls in myQNAPcloud.
Disable port forwarding on the router, remote connect using myQNAPcloud Link or QVPN Service.
Change the System Port Number if NAS is directly connected to the Internet.
Install and run the latest version of Malware Remover.
Change passwords for all accounts.
Update installed QTS applications to the latest versions.
However you choose to proceed, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.
In the fight against ransomware, Heimdal™ Security is offering its customers an outstanding integrated cybersecurity suite including the Ransomware Encryption Protection module, that is universally compatible with any antivirus solution, and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.