[RANSOMWARE] 4/20/2021 - QLOCKER

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
User avatar
McBride
Know my way around
Posts: 105
Joined: Fri Jun 07, 2013 3:00 pm
Location: Vienna

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by McBride » Fri Apr 23, 2021 4:50 am

jaysona wrote:
Fri Apr 23, 2021 4:29 am
McBride wrote:
Fri Apr 23, 2021 3:30 am
That’s called gross negligence and can have legal consequences.


Austria est imperare orbi universo
You would think so, but that is not the case. Read the software license and usage agreement you accept when you use the NAS. You effectively agree to an as-is use of the software and QNAP provides no guarantees about its software.

I have had numerous "discussions" with "software engineers" that I know and have told more than a few that if they were civil engineers, they would be in jail for gross negligence. The issue is that software people (aside from certain Aerospace applications) have absolutely no legal obligations whatsoever when it comes to software code robustness.
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer looking into something like this. Why? because I am angry.

saturdaynightyay
Starting out
Posts: 19
Joined: Thu Apr 22, 2021 6:22 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by saturdaynightyay » Fri Apr 23, 2021 4:51 am

phr34 i have used paxful in the past for bicoin, it seemed straight forward enough

User avatar
dolbyman
Guru
Posts: 22793
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman » Fri Apr 23, 2021 4:58 am

McBride wrote:
Fri Apr 23, 2021 4:50 am
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer looking into something like this. Why? because I am angry.
Good luck.. that is not QNAPs first crypto malware attack rodeo ... and they are still around

https://www.zdnet.com/article/cisa-says ... h-malware/
https://www.bleepingcomputer.com/news/s ... s-devices/
etc

User avatar
jaysona
Been there, done that
Posts: 666
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaysona » Fri Apr 23, 2021 5:00 am

McBride wrote:
Fri Apr 23, 2021 4:50 am
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer looking into something like this. Why? because I am angry.
I'm angry too, and all the power to you to pursue this. I just don't think it'll go anywhere and end up just costing a lot of money and wasting time.

Gross Negligence generally involves the health and safety of an individual. I fail to see how Qlocker has any sort of direct impact to a persons health and safety.
H/W: Asustor AS6604T (8Gig) / Asustor AS7010T (16Gig)
H/W: TS-219 Pro / TS-509 Pro x2 / TS-569 Pro (being decommissioned)
H/W: TS-670 Pro (i7-3770S 16Gig) / TVS-EC1080 (32Gig) TVS-871 (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.12
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2021.2

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8Gig) / TS-853 Pro (8Gig) / TS-670 Pro (i7-3770S 16Gig)

saturdaynightyay
Starting out
Posts: 19
Joined: Thu Apr 22, 2021 6:22 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by saturdaynightyay » Fri Apr 23, 2021 5:01 am

there is another solution you can try to recover the deleted files: https://www.bleepingcomputer.com/forums ... ?p=5171464

Fly100
Getting the hang of things
Posts: 86
Joined: Fri Dec 26, 2008 4:07 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Fly100 » Fri Apr 23, 2021 5:04 am

I guessing we have asked the question, all the victims dont have the same password do they ???

Happy to share mine.

User avatar
dolbyman
Guru
Posts: 22793
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman » Fri Apr 23, 2021 5:06 am

Was already discussed in the bleepingcomputer thread, password are unique

Fly100
Getting the hang of things
Posts: 86
Joined: Fri Dec 26, 2008 4:07 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Fly100 » Fri Apr 23, 2021 5:07 am

saturdaynightyay wrote:
Fri Apr 23, 2021 4:17 am
fly100, so you log on to ssh and type those 3 commands (1 for each line) in order ?

after entering line 1 i get:

-sh: dir: command not found :ashamed:

Ah it looks like its a dos command, I should try it from PC

Cheers
Create a new txt document on you pc, and paste those lines into it. then save it as Fixme.bat . Copy it into the dir with the .7z are and it will unzip them. replace there p******** with you password keeping the p.

syncthing
Know my way around
Posts: 121
Joined: Mon Aug 13, 2018 4:58 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by syncthing » Fri Apr 23, 2021 5:10 am

McBride wrote:
Fri Apr 23, 2021 4:50 am
There is a difference between software bugs and gross negligence. Therefore I think this will not fly, at least not in Europe. The first time in my life I am seriously thinking about letting a (my) lawyer looking into something like this. Why? because I am angry.
you will face many problems and maybe just lose money
just out of curiosity where can the licence agreement for QTS be found?
but I am pretty sure it is something like you use it at your own risk and there is no liability for anything

saturdaynightyay
Starting out
Posts: 19
Joined: Thu Apr 22, 2021 6:22 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by saturdaynightyay » Fri Apr 23, 2021 5:11 am

thanks fly but it doesnt really work for me.

Batch file either freezes like its doing something or flashes on and off for a second.

Sometimes it does a few files but didnt really get anywhere.

We need an SSH guru to give us some commands to run on the nas itself (similar to what the hacker did only reversed)

phr34k
Starting out
Posts: 26
Joined: Wed Dec 09, 2015 2:59 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by phr34k » Fri Apr 23, 2021 5:15 am

Could someone please explain wich bitcoin site i can use to buy bitcoins so i can pay these guys? I have tried 2-3 diffrent bitcoin services but they dont permit me to send the money to an adress

jbennett360
Getting the hang of things
Posts: 65
Joined: Tue Aug 08, 2017 1:04 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jbennett360 » Fri Apr 23, 2021 5:16 am

Someone on Reddit mentioned that they have stuff syncing with OneDrive via HBS and it was OneDrive that flagged they may be victim of ransomware (presumably after a sync that uploaded a load of .7z and readme.txt files) that's how they found out they'd been hit.

I guess it's good in a way that MS are doing that?

User avatar
jaysona
Been there, done that
Posts: 666
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by jaysona » Fri Apr 23, 2021 5:18 am

syncthing wrote:
Fri Apr 23, 2021 5:10 am

you will face many problems and maybe just lose money
just out of curiosity where can the licence agreement for QTS be found?
but I am pretty sure it is something like you use it at your own risk and there is no liability for anything
There is an agreement that is presented upon the first login to the QTS admin webpage, I am not sure how to access it again, but I am sure it can be found on the NAS somewhere, if anyone case to go looking for it.

There is one posted on the website as well, I am just not certain if the two are the same.
https://www.qnap.com/en/before_buy/con_ ... one&cid=14
H/W: Asustor AS6604T (8Gig) / Asustor AS7010T (16Gig)
H/W: TS-219 Pro / TS-509 Pro x2 / TS-569 Pro (being decommissioned)
H/W: TS-670 Pro (i7-3770S 16Gig) / TVS-EC1080 (32Gig) TVS-871 (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.12
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2021.2

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8Gig) / TS-853 Pro (8Gig) / TS-670 Pro (i7-3770S 16Gig)

Fly100
Getting the hang of things
Posts: 86
Joined: Fri Dec 26, 2008 4:07 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Fly100 » Fri Apr 23, 2021 5:19 am

saturdaynightyay wrote:
Fri Apr 23, 2021 5:11 am
thanks fly but it doesnt really work for me.

Batch file either freezes like its doing something or flashes on and off for a second.

Sometimes it does a few files but didnt really get anywhere.

We need an SSH guru to give us some commands to run on the nas itself (similar to what the hacker did only reversed)

message me on Skype, i be online for another 20 mins or so

Fly 100 < user name.

syncthing
Know my way around
Posts: 121
Joined: Mon Aug 13, 2018 4:58 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by syncthing » Fri Apr 23, 2021 5:21 am

jaysona wrote:
Fri Apr 23, 2021 5:18 am
There is an agreement that is presented upon the first login to the QTS admin webpage, I am not sure how to access it again, but I am sure it can be found on the NAS somewhere, if anyone case to go looking for it.

There is one posted on the website as well, I am just not certain if the two are the same.
https://www.qnap.com/en/before_buy/con_ ... one&cid=14
this one I also found by a fast google search, but I think it is for the use of their qnap.com website and services

but searching more for it is for sure just a waste of time ...

Post Reply

Return to “Users' Corner”