Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021.
According to reports from victims in a BleepingComputer Qlocker support topic, the attackers use 7-zip to move files on QNAP devices into password-protected archives.
While the files are being locked, the QNAP Resource Monitor will display numerous '7z' processes, which are instances of the 7zip command-line executable.
QNAP told BleepingComputer that they believe Qlocker exploits the CVE-2020-36195 vulnerability to execute the ransomware on vulnerable devices.
Qlocker IOCs:
Associated Files: !!!READ ME.txt
Ransom note text: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer.
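A triage sweep built from the indicators above, as an added example that is not code from BleepingComputer or QNAP: it flags directories that hold the `!!!READ ME.txt` note or files beginning with the 7z container signature. The page does not say what extension the archives carry, so the check reads magic bytes; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

RANSOM_NOTE = "!!!READ ME.txt"            # note file name from the IOC list above
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"    # 7z container signature (first 6 bytes)

def is_7z(path):
    """True if the file starts with the 7z signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVENZIP_MAGIC)) == SEVENZIP_MAGIC
    except OSError:
        return False  # unreadable file: skip it rather than abort the sweep

def triage(root):
    """Return {directory: {"note", "archives", "other"}} for every directory
    that holds the ransom note or at least one 7z container."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        note = RANSOM_NOTE in files
        archives = sum(is_7z(os.path.join(dirpath, f)) for f in files)
        if note or archives:
            # "other" = files not yet archived: candidates for priority backup
            other = len(files) - archives - (1 if note else 0)
            report[dirpath] = {"note": note, "archives": archives, "other": other}
    return report

def build_sample_share(base):
    """Create a constructed sample tree (not real victim data); return its root."""
    root = os.path.join(base, "share")
    layout = {
        "photos": {"a.jpg.7z": SEVENZIP_MAGIC + b"\x00\x04", "b.dat": SEVENZIP_MAGIC,
                   "c.png": b"\x89PNG", RANSOM_NOTE: b"constructed note"},
        "docs": {"report.txt": b"plain text"},
        "backup": {"nightly.7z": SEVENZIP_MAGIC + b"\x00\x04"},  # archive, no note
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hit in sorted(triage(build_sample_share(tmp)).items()):
            level = "LIKELY HIT" if hit["note"] else "review"
            print(f"{level:10} {path} {hit}")
```

A directory with archives but no note, such as a folder of ordinary backups, is reported for review rather than as a hit, since 7z files are common on a NAS.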
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-17 | CVE-2020-36195 | SQL Injection vulnerability in Qnap QTS: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. | 9.8 |