Hi, I wanted to report on this news that’s been hitting my news feed since today and that I feel might interest many people here that are using a Qnap NAS at the moment:
tl;dr The cryptolocker Qlocker is moving all the victims files to .7zip password protected archives and asking for 0.01BTC ransom to decrypt the files. Seems like a vulnerability in the cryptolocker has been found to recover for free the crypted data. Stay tuned.
Feel free to add more links regarding this news update.
I decided to create a thread because I feel this news needs to reach as much users as possible. If it’s not deemed worthy of a thread I’ll move this to the news story dump thread. Thanks.
I think there were recent reports of QNAP vulnerability and QNAP refuses to fix them (as heard from Security now podcast) This was the source of the news:
Looks like hackers arent wasting any opportunity to make money off ransomware.
I guess attacking a NAS can net even more profit than attacking a PC since they’re usually used to store data and backups long term.
Qnap is also terrible for not addressing such a gigantic vulnerability, since it has been found and it’s out in the open.
But also the article I posted talks about two vulnerabilities being fixed not that long ago, but I don’t know if those are the same you linked.