[RANSOMWARE] 4/20/2021 - QLOCKER

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
rp333
First post
Posts: 1
Joined: Sun Oct 25, 2020 1:34 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by rp333 » Mon May 10, 2021 12:20 am

I never played with BC, any good guide or way on how to transfer BC to these hackers?

Thoughts? Is there a possibility that after sometime they dismantle this hackers group and folks who did not pay, may not be able to get password even if they want it then? or once they collect enough $ they may just release password for all users online?

Like many users, i also had UPnP enabled on router however no specific port forward. I think my system was compromosed on 4/22 and when i logged in around 5/4, system popped me to reload and apply new firmware...i blindly did that and reloaded system. I think QNAP is at big fault here.. they should have copied password that was saved in system before reload and firmware update.. afterall it came through their app too.

Napo67
New here
Posts: 7
Joined: Sat Sep 05, 2015 6:58 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Napo67 » Mon May 10, 2021 1:49 am

Qnap knew about these vulnerabilities used by the qlocker for a long time...

https://securingsam.com/new-vulnerabili ... -takeover/

elvisimprsntr

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by elvisimprsntr » Mon May 10, 2021 4:11 am

Napo67 wrote:Qnap knew about these vulnerabilities used by the qlocker for a long time...

https://securingsam.com/new-vulnerabili ... -takeover/
More evidence supporting my decision to never ever buy a QNAP product again and why I am actively migrating my existing QNAP NAS units to TrueNAS. The entire QNAP company from leadership to software engineering are run by a bunch of inept people who could care less about customers once they get their money from the initial purchase. Anyone who still works for them should be disgraced.

QNAPDanielFL
Easy as a breeze
Posts: 349
Joined: Fri Mar 31, 2017 7:09 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by QNAPDanielFL » Tue May 11, 2021 1:26 am

elvisimprsntr wrote:
Mon May 10, 2021 4:11 am
Napo67 wrote:Qnap knew about these vulnerabilities used by the qlocker for a long time...

https://securingsam.com/new-vulnerabili ... -takeover/
More evidence supporting my decision to never ever buy a QNAP product again and why I am actively migrating my existing QNAP NAS units to TrueNAS. The entire QNAP company from leadership to software engineering are run by a bunch of inept people who could care less about customers once they get their money from the initial purchase. Anyone who still works for them should be disgraced.
This vulnerability referred to is not the Qlocker vulnerability and it was patched before the Qloker outbreak.

cjlist
First post
Posts: 1
Joined: Wed May 12, 2021 12:40 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by cjlist » Wed May 12, 2021 12:53 am

A HUGE warning! We just threw away $2k CAD. We followed all the procedures for sending the increased ransom of 0.03 Bitcoins, but when I went to actually post the transaction ID on their TOR webbrowser, it had logged me out of my client id without telling me, but proceeded to take my money anyway. When I logged back in it was still asking me for payment, so I lost my money and received no key! These criminals are sub-human, despicable creatures who get off on others' pain. Unfortunately my entire life was on my NAS. I am at a loss. QNAP has to be held responsible. They absolutely deserve to be put out of business as a result of thie disgraceful gross negligence on their part.

brobertson4
First post
Posts: 1
Joined: Wed May 12, 2021 6:14 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by brobertson4 » Wed May 12, 2021 6:18 am

Sounds like a good time to band together for a class action lawsuit for failure to properly protect their product and for the losses we have incurred.

Skwor
Know my way around
Posts: 159
Joined: Thu Feb 27, 2020 1:38 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Skwor » Wed May 12, 2021 6:26 am

cjlist wrote:
Wed May 12, 2021 12:53 am
A HUGE warning! We just threw away $2k CAD. We followed all the procedures for sending the increased ransom of 0.03 Bitcoins, but when I went to actually post the transaction ID on their TOR webbrowser, it had logged me out of my client id without telling me, but proceeded to take my money anyway. When I logged back in it was still asking me for payment, so I lost my money and received no key! These criminals are sub-human, despicable creatures who get off on others' pain. Unfortunately my entire life was on my NAS. I am at a loss. QNAP has to be held responsible. They absolutely deserve to be put out of business as a result of thie disgraceful gross negligence on their part.
Truly I understand your frustration and anger. While I believe QNAP needs to get much more serious about how they market and secure their devices I do not think destroying hundreds if not thousands of jobs over this is the right answer.

All that being said I do not understand why, for your life’s effort, you did not have a back up? Anything I consider that valuable in a digital foot print I have backed up 3-2-1 and I have a second fully independent back up from that as well. Things like tax records, high value family photos etc.

I know it is hard to hear but you also had some responsibility to treat such data with the due respect and have a redundant back up plan.

If my house burns down I am still secure with off site back ups, if off site goes down I am secure with local, if all live digital storage goes dead I have a cold storage plan for said data.
Last edited by Skwor on Wed May 12, 2021 6:37 am, edited 1 time in total.
NAS:
TS-453Be
2-4 Gig QNAP ram sticks
1x12 TB Seagate Iron Wolf and 3x12 TB Seagate Exos
Mainly used as a Plex Server and Photo manager (QuMagie is actually pretty good)

WD 12 TB Elements for each hard drive - External HD BU to the NAS movie database and Photos

elvisimprsntr

[RANSOMWARE] 4/20/2021 - QLOCKER

Post by elvisimprsntr » Wed May 12, 2021 6:36 am

brobertson4 wrote:Sounds like a good time to band together for a class action lawsuit for failure to properly protect their product and for the losses we have incurred.
https://www.qnap.com/service/product-wa ... pup-terms1

Code: Select all

 In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services.
Good luck with that!

User avatar
dolbyman
Guru
Posts: 23170
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman » Wed May 12, 2021 7:17 am

Don't tell me users did not read the T&C
https://en.wikipedia.org/wiki/HumancentiPad

livelynet
New here
Posts: 2
Joined: Fri Nov 01, 2019 7:10 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by livelynet » Wed May 12, 2021 9:55 pm

UPDATE on our clients "2" NAS systems locked with QLocker

1. We tried the QLocker unlock posted in Bleeping Computer with no luck :(
2. We have been in contact with QNAP Support and they did send us a QLocker app to install BUT IT HAS NOT WORKED AND AWAITING QNAP SUPPORT TO RESPOND - 5 DAYS NOW
3. We also contacted the client's insurance company after having a firm look at unlocking the files
4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
5. We are waiting for QNAP support to respond before the 30 days expires with Monster Cloud quote to have them do the file recovery and turn it into the clients insurance.

Yes we also read the statement " In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services."

So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.

User avatar
dolbyman
Guru
Posts: 23170
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by dolbyman » Wed May 12, 2021 10:10 pm

Those security companies are a joke..all they do is pay the ransom and pocket the rest

Skwor
Know my way around
Posts: 159
Joined: Thu Feb 27, 2020 1:38 am

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by Skwor » Wed May 12, 2021 11:44 pm

livelynet wrote:
Wed May 12, 2021 9:55 pm
UPDATE on our clients "2" NAS systems locked with QLocker

1. We tried the QLocker unlock posted in Bleeping Computer with no luck :(
2. We have been in contact with QNAP Support and they did send us a QLocker app to install BUT IT HAS NOT WORKED AND AWAITING QNAP SUPPORT TO RESPOND - 5 DAYS NOW
3. We also contacted the client's insurance company after having a firm look at unlocking the files
4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
5. We are waiting for QNAP support to respond before the 30 days expires with Monster Cloud quote to have them do the file recovery and turn it into the clients insurance.

Yes we also read the statement " In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services."

So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.
Like dolbyman already stated, that firm you contacted likely already paid the ransom for your files using the info you gave them, somewhere around 500 to 1500 dollars US and has the key already. They are no better than the hackers themselves. Extortion is extortion.
NAS:
TS-453Be
2-4 Gig QNAP ram sticks
1x12 TB Seagate Iron Wolf and 3x12 TB Seagate Exos
Mainly used as a Plex Server and Photo manager (QuMagie is actually pretty good)

WD 12 TB Elements for each hard drive - External HD BU to the NAS movie database and Photos

P3R
Guru
Posts: 12662
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by P3R » Thu May 13, 2021 4:06 am

livelynet wrote:
Wed May 12, 2021 9:55 pm
4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
So your customer paid that bunch the ransom money and now they're demanding an even larger ransom to unlock the data. :-0
So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.
So you have a customer that value their data to more than $20k but they exposed their data storage on the internet AND they have failed to arrange with a viable backup solution to protect their data? I guess their IT manager is now looking for a new employer...

A home user or very small business owner could be excused for not really having understood the importance of a decent backup solution but any larger business failing to protect their data must be either insane or incompetent.

What's your role in this mess, more than posting here? Are you the reseller that sold them the Qnap?
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!

User avatar
OneCD
Ask me anything
Posts: 9061
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by OneCD » Thu May 13, 2021 4:41 am

P3R wrote:
Thu May 13, 2021 4:06 am
A home user or very small business owner could be excused for not really having understood the importance of a decent backup solution but any larger business failing to protect their data must be either insane or incompetent.
+1

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage

ozstar
Know my way around
Posts: 195
Joined: Mon Mar 13, 2017 3:33 pm

Re: [RANSOMWARE] 4/20/2021 - QLOCKER

Post by ozstar » Thu May 13, 2021 8:07 am

Many thanks Steve, Yes we are all in the same boat.. with a tiny paddle !

This may help ..

I tried many things using the NAS IP number but it didn't work. Then I used the NAS name and it worked.

Check..

1. NAS must be connected to LAN.

2. Must have ext drive with folders and files PhotoRec saved.
(There could be many many folder each with about 500 files)

3. Must have ext drive ready to save the files this Filestore script saves.
(It will be nearly every files that was 7z by scammers.

4. Must have Net installed on computer to use Filestore

This is the actual Filestore script Panel..
Filestore Panel-tutor.jpg

Good luck
:-)

If it works please give Flavio a Donation. I cannot afford much but gave him what I could, although it is worth a lot more.

The Universe will look after him too.
You do not have the required permissions to view the files attached to this post.

Post Reply

Return to “Users' Corner”