Qlocker is a new ransomware strain that is starting to spread. This malware uses a JavaScript-based approach to target QNAP devices and spreads from device to device.

In this blog, we will discuss what the Qlocker attack is and how it affects QNAP devices.

What is Qlocker?

The Qlocker ransomware primarily attacks QNAP devices. While the reasons for this are not certain, it is quite possible that the designers of this malware are either targeting the company directly or are after the millions of users of its products. Since users typically store all of their data on one centralized system, it is very likely that the infection stays within this network, or at least does minimal damage. Ransomware has emerged as one of the most serious online dangers for home users and organizations alike: it encrypts all information on affected computer systems and network drives, is highly challenging to get rid of, renders computers useless, demands a ransom payment, and can be quite costly.

The Qlocker ransomware attack was a coordinated attack across multiple continents that targeted thousands of systems, spanning various consumer and industrial products from the Taiwanese company QNAP. All devices were running an old version of the QNAP operating system and were vulnerable to attacks. The attackers appeared to be waging cyberwarfare against the manufacturer and its customers.

On April 19, 2021, the first attack using Qlocker was reported. Since then, the number of attacks has been rising. Qlocker targets regular consumers and small-to-medium business owners who use QNAP NAS for network storage.

How does Qlocker attack?

A vulnerability exists in the software which allows an attacker to remotely execute code on any properly configured and updated server.

How can businesses prevent a Qlocker attack?

Hackers have been exploiting a weak log-in feature of many QNAP NAS devices to jump between them and change the root password. This results in the NAS being accessible from the Internet without log-in.

QNAP has become aware that users could be attacked through an exploit affecting QNAP products with outdated firmware. For this reason, QNAP recommends updating the firmware of your QNAP products to one of the versions listed below.

To learn more, visit https://www.qnap.com/en/security-advisory/qsa-21-12

  • QTS 4.5.2: HBS 3 v16.0.0415 and later
  • QTS 4.3.6: HBS 3 v3.0.210412 and later
  • QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
  • QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
  • QuTS cloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later

Note: QNAP NAS running HBS 2 and HBS 1.3 are not affected.
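A fleet check against the minimum HBS 3 builds listed above, as an added example that is not QNAP's code or part of the original post. The inventory records and their field names (`os_family`, `os_version`, `hbs_generation`, `hbs_version`) are constructed for illustration, and the `c4.5.1~c4.5.4` range is assumed to cover every release in between.

```python
# Added example: audit a NAS inventory against the minimum HBS 3 builds listed above.
# Field names and inventory records are constructed for illustration.

# (OS family, OS releases) -> minimum fixed HBS 3 build, copied from the list above.
# Assumption: "c4.5.1~c4.5.4" covers every release in that range.
MIN_HBS3 = {
    ("QTS", ("4.5.2",)): "16.0.0415",
    ("QTS", ("4.3.6",)): "3.0.210412",
    ("QTS", ("4.3.3", "4.3.4")): "3.0.210411",
    ("QuTS hero", ("h4.5.1",)): "16.0.0419",
    ("QuTS cloud", ("c4.5.1", "c4.5.2", "c4.5.3", "c4.5.4")): "16.0.0419",
}

def parse_version(text):
    """'v16.0.0415' -> (16, 0, 415), so builds compare numerically, not as strings."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(device):
    """Classify one record: not-affected, patched, vulnerable or unlisted."""
    if device["hbs_generation"] in ("2", "1.3"):
        return "not-affected"  # per the note above: HBS 2 and HBS 1.3 are not affected
    if device["hbs_generation"] != "3":
        return "unlisted"
    for (family, releases), minimum in MIN_HBS3.items():
        if family == device["os_family"] and device["os_version"] in releases:
            installed = parse_version(device["hbs_version"])
            return "patched" if installed >= parse_version(minimum) else "vulnerable"
    return "unlisted"  # OS release not in the list: check the advisory by hand

def audit(inventory):
    """Map each host name to its classification."""
    return {d["host"]: assess(d) for d in inventory}

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"host": "nas-01", "os_family": "QTS", "os_version": "4.5.2", "hbs_generation": "3", "hbs_version": "v16.0.0413"},
    {"host": "nas-02", "os_family": "QTS", "os_version": "4.3.6", "hbs_generation": "3", "hbs_version": "3.0.210412"},
    {"host": "nas-03", "os_family": "QuTS hero", "os_version": "h4.5.1", "hbs_generation": "3", "hbs_version": "16.0.0419"},
    {"host": "nas-04", "os_family": "QTS", "os_version": "4.3.4", "hbs_generation": "2", "hbs_version": "2.1.0"},
    {"host": "nas-05", "os_family": "QTS", "os_version": "4.2.6", "hbs_generation": "3", "hbs_version": "3.0.210411"},
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unlisted` run an OS release that the list above does not cover, so they need a manual check against the advisory rather than being assumed safe.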

What should organizations do if attacked? 

If your QNAP NAS has been attacked by Qlocker, do not turn off the NAS! Instead, run a malware scan to find out how many files have been affected and contact QNAP Data Recovery support immediately. QNAP provides various embedded services with certain models by connecting to the QNAP Central Management Console, which allows remote control, backup and restore of your QNAP NAS drive, web access, and various other management tasks. Also, change the default Administrator username and password (admin:admin), and change the default network port (8080) that provides an entry point to the NAS operating system.

What is the impact of the attacks?

The QNAP NAS (Network Attached Storage) device is vulnerable to command injection attacks. This vulnerability allows an attacker to execute arbitrary OS commands with root privileges. This can be exploited in particular by calling the vulnerable service via port 8080/TCP or port 443/TCP, causing the system to run arbitrary OS commands under root privileges.

Century IT Consultants' Opinion on Qlocker Ransomware

Targeted attacks such as the Qlocker ransomware attack are a real concern that you can't afford to ignore. This type of assault shows that even slight vulnerabilities can be attacked and that threats will evolve in complexity and variety. While the infection vector has been identified, it is up to enterprises to use solutions with advanced awareness and detection capabilities to enforce data management policies and contain the spread of the attack until patches and updates can be applied.

The challenge of guarding against malicious threats requires an automated, integrated security solution that enables organizations to detect threats across the extended network—including at the endpoint. Century ITc uses patented technology to help stop cyber threats before they cause damage.