As you know, QNAP NAS users from all over the world have suddenly found their files encrypted after the ransomware operation Qlocker exploited some vulnerabilities on their devices.

Usually, when discussing ransomware groups, we talk about the new malware they’ve worked on in order to successfully exploit vulnerabilities, but in this case, Qlocker only had to scan for the QNAP devices connected to the Internet.

Qlocker ransom request


The recently disclosed vulnerabilities, offered an easy exploit, allowing the threat actors to remotely execute the 7zip archival utility and password protect all the files on the victims’ NAS storage devices, therefore being able to encrypt over a thousand devices in only five days.

Usually, the ransomware prices can vary between $100,000 and $50 million in order to decrypt all of a victim’s devices and not leak their stolen data, but interestingly enough, Qlocker went into a different direction targeting consumers and small-to-medium business owners that were using the QNAP NAS devices for network storage.

It looks like the threat actors are quite familiar with their targets as they priced their ransom demands at just 0.01 Bitcoins.

The security researcher Jack Cable discovered a short-lived bug that allowed him to recover the passwords of 55 Qlocker victims passwords for free, whilst also being able to collect ten different Bitcoin addresses the threat actors were rotating with victims and shared them with the news publication BleepingComputer.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

It looks like the ransom payments are totaling 5.25735623 Bitcoins so far, an amount equivalent to $258,494. With the ransomware campaign still ongoing, new victims will certainly appear every day, so all QNAP users must update the latest versions of the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps in order to fix the vulnerabilities and protect themselves against ransomware attacks.

Ransomware-as-a-Service (RaaS) – The Rising Threat to Cybersecurity

Qlocker Ransomware Attack Uses 7zip to Encrypt QNAP Devices

Leave a Reply

Your email address will not be published. Required fields are marked *