Ransomware Strain Qlocker Targeting QNAP NAS Flaws – Patch It!

A new ransomware strain called Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment.

The first reports of the infections emerged on April 20, with the adversaries behind the operation demanding a bitcoin payment (0.01 bitcoins or about $500.57) in exchange for the decryption key.

QNAP Systems, Inc. (QNAP), a leading computing, networking, and storage solution innovator, issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom.

The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.

Patches Available

Patches for the three apps were released by QNAP over the last week.

CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. 

On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.

Experts say Qlocker is not the only strain being used to encrypt NAS devices: threat actors are also deploying another ransomware named “eCh0raix” to lock sensitive data.

Since its debut in July 2019, the eCh0raix gang has been known for going after QNAP storage appliances by leveraging known vulnerabilities or carrying out brute-force attacks.

Experts pointed out that, at the time of this writing, there is no way of recovering the data that Qlocker stored in the 7zip archive without paying the ransom.

QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. 

The vendor has updated the Malware Remover tool for QTS and QuTS platforms in response to the last wave of attacks.

Experts suggested that unaffected users should also install the latest Malware Remover version and run a malware scan as a precautionary measure.

It is also recommended to use strong passwords and to modify the default network port 8080 for accessing the NAS operating interface. Update the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

“The data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security,” the company mentions.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
