Security News > 2021 > April > Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021.
According to reports from victims in a BleepingComputer Qlocker support topic, the attackers use 7-zip to move files on QNAP devices into password-protected archives.
While the files are being locked, the QNAP Resource Monitor will display numerous '7z' processes which are the 7zip command-line executable.
QNAP told BleepingComputer that they believe Qlocker exploits the CVE-2020-36195 vulnerability to execute the ransomware on vulnerable devices.
Qlocker IOCs: Associated Files: !!!READ ME.txt Ransom note text: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-17 | CVE-2020-36195 | SQL Injection vulnerability in Qnap QTS An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. | 9.8 |