Ransomware Gang Made $260,000 By Using The 7zip Utility
$260,000 Made in Just Five Days by Remotely Encrypting Files on QNAP Devices Using the 7zip Archive Program.
As you know, QNAP NAS users from all over the world have suddenly found their files encrypted after the ransomware operation Qlocker exploited some vulnerabilities on their devices.
Usually, when discussing ransomware groups, we talk about the new malware they’ve worked on in order to successfully exploit vulnerabilities, but in this case, Qlocker only had to scan for the QNAP devices connected to the Internet.
The recently disclosed vulnerabilities offered an easy exploit, allowing the threat actors to remotely execute the 7zip archival utility and password-protect all the files on the victims' NAS storage devices. As a result, they were able to encrypt over a thousand devices in only five days.
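Because the files are locked inside password-protected 7zip archives, a share can be triaged by file signature rather than by file name. The following is an added example, not code from the original article; the function names and the thresholds (`min_files`, `ratio`) are assumptions chosen for illustration.

```python
import os
import sys
from collections import Counter

# First six bytes of every 7z archive (the format's signature).
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"


def is_7z(path):
    """Return True if the file starts with the 7z signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVENZIP_MAGIC)) == SEVENZIP_MAGIC
    except OSError:
        return False  # unreadable file: treat as not an archive


def triage(root, min_files=5, ratio=0.8):
    """Map each directory that is mostly 7z archives to (archives, total).

    min_files and ratio are illustrative thresholds (assumptions): a folder
    with at least min_files files, of which at least `ratio` are 7z archives,
    is reported as likely affected.
    """
    archives, totals = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the share
            totals[dirpath] += 1
            if is_7z(full):
                archives[dirpath] += 1
    return {
        d: (archives[d], n)
        for d, n in totals.items()
        if n >= min_files and archives[d] / n >= ratio
    }


if __name__ == "__main__":
    # Usage: python triage.py /path/to/mounted/share
    for directory, (hit, total) in sorted(triage(sys.argv[1]).items()):
        print(f"{directory}: {hit}/{total} files are 7z archives")
```

Directories that legitimately hold many 7z backups will also be reported, so the output is a starting list for review rather than a verdict.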
Usually, ransomware prices can vary between $100,000 and $50 million in order to decrypt all of a victim's devices and not leak their stolen data, but interestingly enough, Qlocker went in a different direction, targeting consumers and small-to-medium business owners that were using QNAP NAS devices for network storage.
It looks like the threat actors are quite familiar with their targets as they priced their ransom demands at just 0.01 Bitcoins.
The security researcher Jack Cable discovered a short-lived bug that allowed him to recover the passwords of 55 Qlocker victims for free. He was also able to collect ten different Bitcoin addresses that the threat actors were rotating among victims, and he shared them with the news publication BleepingComputer.
It looks like the ransom payments total 5.25735623 Bitcoins so far, an amount equivalent to $258,494. With the ransomware campaign still ongoing, new victims will certainly appear every day, so all QNAP users must update to the latest versions of the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps in order to fix the vulnerabilities and protect themselves against ransomware attacks.