Some users of QNAP, one of the best selling brands of NAS (network attached storage) devices, are finding their files encrypted and the following message: “All of your files have been encrypted !!!”. The work is a new ransomware, called Qlocker, is attacking NAS servers worldwide, exploiting a vulnerability. In return for returning them (as well as their content), a payment is requested through a Bitcoin transaction. The attacks began to appear on QNAP devices on April 19, according to the portal Bleeping Computer. Essentially, what the Qlocker ransomware is doing is compressing the files on the NAS devices into encrypted 7-zip files. To do this, the ransomware first accesses the NAS by exploiting a vulnerability in the system.
After the files are encrypted, the ransomware leaves only a readable text file, which explains the situation to the user. The note states that his files are encrypted with a unique key and that to obtain that key, a ransom of about 500 euros in Bitcoin must be paid to hackers on a Tor website. Two days ago, expert Jack Cable said he had found a vulnerability in the cybercriminals’ encryption system, being able to obtain the key free of charge. Hours later, hackers fixed this vulnerability and the trick no longer works.
QNAP issued an official statement to clarify the matter. The company says it believes that hackers are using a vulnerability known as VE-2020-36195 and running the ransomware on vulnerable devices. QNAP’s recommendation is to update various NAS components, such as QTS and Multimedia Console. The importance of updating NAS software is emphasized, especially Malware Remover, an updated antivirus that detects ransomware and prevents it from running on uninfected devices. The company said it is working on a solution to remove malware from already infected devices as well.
QNAP recommends not to shut down or restart the NAS, but to run the latest version of Malware Remover and scan the entire NAS.
With international news agencies
See the original post at: https://www.cisoadvisor.com.br/centenas-de-storages-qnap-estao-sendo-atacados-por-ransomware/?rand=59039