In the latest developments, the Qlocker ransomware has been found to be actively targeting QNAP device users since April 19, locking their files inside 7zip archives.
Malicious Qlocker Ransomware:
In the cyberattack perpetrated by the Qlocker ransomware, it was detected that the attack takes user files and stashes them in password-protected archives, demanding money to give the files back.
Security experts have discovered that QNAP's integrated Resource Monitor shows multiple 7zip processes running while the files are being made inaccessible.
Once the Qlocker ransomware has finished its work, the files are left in locked archives with a .7z extension.
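A defender-side check for the behaviour described above, added here as an example and not taken from the article or from QNAP: it looks for a burst of newly created .7z archives and for several concurrent 7z processes. The file events, process snapshot and thresholds are constructed for illustration, not observed values.

```python
from datetime import datetime, timedelta

# Constructed sample of file-creation events (path, ISO timestamp) on a NAS
# share. Many .7z files appearing within seconds of each other is the pattern
# the article describes; the lone archive hours later is a normal user action.
SAMPLE_EVENTS = [
    ("/share/Photos/trip.jpg.7z",   "2021-04-20T10:00:01"),
    ("/share/Photos/family.png.7z", "2021-04-20T10:00:03"),
    ("/share/Docs/taxes.pdf.7z",    "2021-04-20T10:00:04"),
    ("/share/Docs/report.docx.7z",  "2021-04-20T10:00:09"),
    ("/share/Music/track01.mp3.7z", "2021-04-20T10:00:15"),
    ("/share/Music/track02.mp3.7z", "2021-04-20T10:00:22"),
    ("/share/Docs/notes.txt",       "2021-04-20T10:00:30"),  # ordinary write
    ("/share/Backups/manual.7z",    "2021-04-20T18:45:00"),  # single archive
]
# Constructed process snapshot (name, pid), as a Resource Monitor might list it.
SAMPLE_PROCESSES = [("7z", 3011), ("7z", 3012), ("7z", 3013), ("php-fpm", 1502)]

def max_archive_burst(events, window=timedelta(seconds=60), ext=".7z"):
    """Largest number of new `ext` files created inside any single `window`.
    Returns (count, window_start); (0, None) when no such files appear."""
    times = sorted(datetime.fromisoformat(ts) for path, ts in events
                   if path.lower().endswith(ext))
    best, start, lo = 0, None, 0
    for hi, t in enumerate(times):          # sliding window over sorted times
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 > best:
            best, start = hi - lo + 1, times[lo]
    return best, start

def count_archiver_processes(processes, names=("7z", "7za", "7zr")):
    """Number of running processes whose name is a 7-Zip binary."""
    return sum(1 for name, _pid in processes if name in names)

def assess(events, processes, burst_threshold=5, proc_threshold=2):
    """Combine both signals; thresholds are illustrative and should be tuned
    to the normal archive activity of the NAS being monitored."""
    burst, start = max_archive_burst(events)
    procs = count_archiver_processes(processes)
    return {
        "archive_burst": burst,
        "burst_start": start.isoformat() if start else None,
        "archiver_processes": procs,
        "suspicious": burst >= burst_threshold or procs >= proc_threshold,
    }

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS, SAMPLE_PROCESSES))
```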
Subsequently, the affected QNAP devices display a ransom note.
This ransom note contains a unique client key that the victim has to enter on the Tor payment website the malicious actors use to collect the ransom.
Bitcoin demanded in ransom:
As for the amount demanded as ransom, 0.01 Bitcoin was demanded in exchange for releasing the files, which amounts to about $557.
However, a flaw was found shortly after the attack began that allowed Qlocker victims to recover the 7zip passwords, but the attackers were quick to patch it.
QNAP addressing the ransomware attack:
QNAP, addressing the Qlocker ransomware attack, has since removed the backdoor account in its NAS backup and disaster recovery app that allowed the attack to take place.
QNAP says that the security vulnerability has now been patched in several versions of its software. Users have been recommended to upgrade their software to mitigate any further cyber risks.
QNAP has released a security advisory for the vulnerability, tracked as CVE-2021-28799, that addresses its patching.
However, the company is of the opinion that the Qlocker ransomware is exploiting a SQL Injection vulnerability, tracked as CVE-2020-36195.
According to the network device maker, the publishing delay was the result of the additional time required to release patches for the QuTS hero and QuTScloud versions.