Security News > 2021 > April > Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
2021-04-21 17:44

A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021.

According to reports from victims in a BleepingComputer Qlocker support topic, the attackers use 7-zip to move files on QNAP devices into password-protected archives.

While the files are being locked, the QNAP Resource Monitor will display numerous '7z' processes which are the 7zip command-line executable.

QNAP told BleepingComputer that they believe Qlocker exploits the CVE-2020-36195 vulnerability to execute the ransomware on vulnerable devices.

Qlocker IOCs: Associated Files: !!!READ ME.txt Ransom note text: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer.


News URL

https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-17 CVE-2020-36195 SQL Injection vulnerability in Qnap QTS
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.
network
low complexity
qnap CWE-89
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299