A new ransomware strain called "Qlocker" is targeting QNAP network attached storage - Hexafusion Blog | Hexafusion


A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives.

First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key.

In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks.

"QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS," the company said. "The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks."

Patches for the three apps were released by QNAP over the last week. CVE-2020-36195 concerns an SQL injection vulnerability in QNAP NAS running Multimedia Console or Media Streaming Add-on, successful exploitation of which could result in information disclosure. On the other hand, CVE-2021-28799 relates to an improper authorization vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync that could be exploited by an attacker to log in to a device.

But it appears that Qlocker is not the only strain being used to encrypt NAS devices: threat actors are also deploying another ransomware named "eCh0raix" to lock sensitive data. Since its debut in July 2019, the eCh0raix gang has been known for going after QNAP storage appliances by leveraging known vulnerabilities or carrying out brute-force attacks.

QNAP is also urging users to install the latest version of Malware Remover and perform a scan as a safety measure while it actively works on a solution to remove malware from infected devices.

"Users are advised to modify the default network port 8080 for accessing the NAS operating interface," the company recommended, adding "the data stored on NAS should be backed up or backed up again utilizing the 3-2-1 backup rule, to further ensure data integrity and security."
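A triage check for the behaviour described above (files ending up inside 7zip archives), as an added example that is not part of the original post or of QNAP's tooling: it walks a mounted NAS share and flags directories where most files begin with the 7z signature. The function names, thresholds and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # first six bytes of every 7z archive


def is_7z(path):
    """True if the file starts with the 7z signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVENZ_MAGIC)) == SEVENZ_MAGIC
    except OSError:
        return False  # unreadable files are not counted as archives


def triage(root, since_epoch=0.0, min_files=3, ratio=0.8):
    """Return {directory: (archives, total)} for directories where at least
    `ratio` of the files are 7z archives modified at or after `since_epoch`."""
    counts = defaultdict(lambda: [0, 0])  # directory -> [archives, total files]
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            counts[dirpath][1] += 1
            try:
                recent = os.path.getmtime(path) >= since_epoch
            except OSError:
                continue  # file vanished or is unreadable; total still counts it
            if recent and is_7z(path):
                counts[dirpath][0] += 1
    return {d: (a, t) for d, (a, t) in counts.items()
            if t >= min_files and a / t >= ratio}


def build_sample(root):
    """Constructed sample tree: one directory of fake archives, one of documents."""
    for sub, body in (("photos", SEVENZ_MAGIC + b"\x00\x04constructed"),
                      ("docs", b"plain constructed text")):
        os.makedirs(os.path.join(root, sub))
        for i in range(4):
            with open(os.path.join(root, sub, f"file{i}.dat"), "wb") as fh:
                fh.write(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for directory, (archives, total) in triage(build_sample(tmp)).items():
            print(f"{directory}: {archives}/{total} files are 7z archives")
```

Directories that legitimately hold 7z backups will also be flagged, so pass `since_epoch` as the timestamp of the suspected incident window to narrow the result.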

News source: https://thehackernews.com/2021/04/new-qnap-nas-flaws-exploited-in-recent.html
