Napo67 wrote: Qnap knew about these vulnerabilities used by the qlocker for a long time...
https://securingsam.com/new-vulnerabili ... -takeover/
elvisimprsntr wrote: ↑Mon May 10, 2021 4:11 am More evidence supporting my decision to never ever buy a QNAP product again and why I am actively migrating my existing QNAP NAS units to TrueNAS. The entire QNAP company from leadership to software engineering are run by a bunch of inept people who could care less about customers once they get their money from the initial purchase. Anyone who still works for them should be disgraced.
This vulnerability referred to is not the Qlocker vulnerability and it was patched before the Qlocker outbreak.
[RANSOMWARE] Qlocker
-
- Easy as a breeze
- Posts: 488
- Joined: Fri Mar 31, 2017 7:09 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
-
- First post
- Posts: 1
- Joined: Wed May 12, 2021 12:40 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
A HUGE warning! We just threw away $2k CAD. We followed all the procedures for sending the increased ransom of 0.03 Bitcoins, but when I went to actually post the transaction ID on their TOR webbrowser, it had logged me out of my client id without telling me, but proceeded to take my money anyway. When I logged back in it was still asking me for payment, so I lost my money and received no key! These criminals are sub-human, despicable creatures who get off on others' pain. Unfortunately my entire life was on my NAS. I am at a loss. QNAP has to be held responsible. They absolutely deserve to be put out of business as a result of this disgraceful gross negligence on their part.
-
- First post
- Posts: 1
- Joined: Wed May 12, 2021 6:14 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Sounds like a good time to band together for a class action lawsuit for failure to properly protect their product and for the losses we have incurred.
-
- Know my way around
- Posts: 247
- Joined: Thu Feb 27, 2020 1:38 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
cjlist wrote: ↑Wed May 12, 2021 12:53 am A HUGE warning! We just threw away $2k CAD. We followed all the procedures for sending the increased ransom of 0.03 Bitcoins, but when I went to actually post the transaction ID on their TOR webbrowser, it had logged me out of my client id without telling me, but proceeded to take my money anyway. When I logged back in it was still asking me for payment, so I lost my money and received no key! These criminals are sub-human, despicable creatures who get off on others' pain. Unfortunately my entire life was on my NAS. I am at a loss. QNAP has to be held responsible. They absolutely deserve to be put out of business as a result of this disgraceful gross negligence on their part.
Truly I understand your frustration and anger. While I believe QNAP needs to get much more serious about how they market and secure their devices I do not think destroying hundreds if not thousands of jobs over this is the right answer.
All that being said I do not understand why, for your life’s effort, you did not have a back up? Anything I consider that valuable in a digital foot print I have backed up 3-2-1 and I have a second fully independent back up from that as well. Things like tax records, high value family photos etc.
I know it is hard to hear but you also had some responsibility to treat such data with the due respect and have a redundant back up plan.
If my house burns down I am still secure with off site back ups, if off site goes down I am secure with local, if all live digital storage goes dead I have a cold storage plan for said data.
Last edited by Skwor on Wed May 12, 2021 6:37 am, edited 1 time in total.
NAS:
TS-453Be
2-4 Gig QNAP ram sticks
1x12 TB Seagate Iron Wolf and 3x12 TB Seagate Exos
Mainly used as a Plex Server and Photo manager (QuMagie is actually pretty good)
WD 12 TB Elements for each hard drive - External HD BU to the NAS movie database and Photos
[RANSOMWARE] 4/20/2021 - QLOCKER
brobertson4 wrote: Sounds like a good time to band together for a class action lawsuit for failure to properly protect their product and for the losses we have incurred.
https://www.qnap.com/service/product-wa ... pup-terms1
In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services.
- dolbyman
- Guru
- Posts: 35234
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Don't tell me users did not read the T&C
https://en.wikipedia.org/wiki/HumancentiPad
-
- New here
- Posts: 3
- Joined: Fri Nov 01, 2019 7:10 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
UPDATE on our clients "2" NAS systems locked with QLocker
1. We tried the QLocker unlock posted in Bleeping Computer with no luck
2. We have been in contact with QNAP Support and they did send us a QLocker app to install BUT IT HAS NOT WORKED AND AWAITING QNAP SUPPORT TO RESPOND - 5 DAYS NOW
3. We also contacted the client's insurance company after having a firm look at unlocking the files
4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
5. We are waiting for QNAP support to respond before the 30 days expires with Monster Cloud quote to have them do the file recovery and turn it into the clients insurance.
Yes we also read the statement " In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services."
So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.
- dolbyman
- Guru
- Posts: 35234
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Those security companies are a joke..all they do is pay the ransom and pocket the rest
-
- Know my way around
- Posts: 247
- Joined: Thu Feb 27, 2020 1:38 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
livelynet wrote: ↑Wed May 12, 2021 9:55 pm UPDATE on our clients "2" NAS systems locked with QLocker
1. We tried the QLocker unlock posted in Bleeping Computer with no luck
2. We have been in contact with QNAP Support and they did send us a QLocker app to install BUT IT HAS NOT WORKED AND AWAITING QNAP SUPPORT TO RESPOND - 5 DAYS NOW
3. We also contacted the client's insurance company after having a firm look at unlocking the files
4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
5. We are waiting for QNAP support to respond before the 30 days expires with Monster Cloud quote to have them do the file recovery and turn it into the clients insurance.
Yes we also read the statement " In no event shall QNAP and its partners or its employees, shareholders, contractors, (and others) assume responsibility for damages (including but not limited to hardware and system damage, loss of data, any other financial loss), interruption of remote support services, or any content obtained through remote support services."
So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.
Like dolbyman already stated, that firm you contacted likely already paid the ransom for your files using the info you gave them, somewhere around 500 to 1500 dollars US and has the key already. They are no better than the hackers themselves. Extortion is extortion.
NAS:
TS-453Be
2-4 Gig QNAP ram sticks
1x12 TB Seagate Iron Wolf and 3x12 TB Seagate Exos
Mainly used as a Plex Server and Photo manager (QuMagie is actually pretty good)
WD 12 TB Elements for each hard drive - External HD BU to the NAS movie database and Photos
-
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
livelynet wrote: ↑Wed May 12, 2021 9:55 pm 4. The firm "https://monstercloud.com/" looked at the project and after paying fee to LOOK at them quoted almost $20,000.00 plus to recover the files with a 97% success rate or no charge.
So your customer paid that bunch the ransom money and now they're demanding an even larger ransom to unlock the data.
livelynet wrote: So I told the client that QNAP is at least trying with the QLocker app to do something, but it also shows everyone here what the true value of the clients business data is worth.
So you have a customer that value their data to more than $20k but they exposed their data storage on the internet AND they have failed to arrange with a viable backup solution to protect their data? I guess their IT manager is now looking for a new employer...
A home user or very small business owner could be excused for not really having understood the importance of a decent backup solution but any larger business failing to protect their data must be either insane or incompetent.
What's your role in this mess, more than posting here? Are you the reseller that sold them the Qnap?
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
- OneCD
- Guru
- Posts: 12139
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- Easy as a breeze
- Posts: 271
- Joined: Mon Mar 13, 2017 3:33 pm
- Location: Sydney Oz
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Many thanks Steve, Yes we are all in the same boat.. with a tiny paddle !
This may help ..
I tried many things using the NAS IP number but it didn't work. Then I used the NAS name and it worked.
Check..
1. NAS must be connected to LAN.
2. Must have ext drive with folders and files PhotoRec saved.
(There could be many many folders each with about 500 files)
3. Must have ext drive ready to save the files this Filestore script saves.
(It will be nearly every file that was 7z by scammers.)
4. Must have Net installed on computer to use Filestore
This is the actual Filestore script Panel..
Good luck
If it works please give Flavio a Donation. I cannot afford much but gave him what I could, although it is worth a lot more.
The Universe will look after him too.
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
-
- Starting out
- Posts: 17
- Joined: Tue Apr 03, 2012 3:52 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I got attacked by those buggers too - but luckily could find out the password they used to encrypt my files.
Then I tried a bash script to decrypt all my files, but my script was unstable - so I wrote a Node.js script that decrypts all 7zip archives from a specific directory recursively.
1.) Install Node.js on your Qnap NAS (I did it through Qnapclub's QPKG Store https://qnapclub.eu/en/howto/1)
2.) ssh into your NAS
3.) create a folder somewhere (e.g. `mkdir /share/Public/recover-qlocker`)
4.) copy the files from this gist into the newly created folder (https://gist.github.com/ChiefORZ/4b0826 ... eb5b52f0e3)
5.) go to the folder and install the npm dependencies (`cd /share/Public/recover-qlocker; npm install;`)
6.) edit the .env and paste your 7zip password
7.) go to the folder, where you want to start the recovery (`cd /share/CACHEDEV3_DATA`)
8.) run the script (`node /share/Public/recover-qlocker`)
... by the way ... was someone hearing about a coming update to PHP ?
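The recursive recovery described in the post above, sketched as an added example; it is not the poster's gist and not part of the thread. It assumes a `7z` binary on the PATH and a hypothetical `QLOCKER_7Z_PASSWORD` environment variable, and it keeps every archive whose extraction fails so a run can be repeated.

```javascript
// Added example: recursively extract password-protected .7z archives in place.
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');

// Walk `root` and return every regular file ending in .7z (symlinks are skipped).
function findArchives(root) {
  const found = [];
  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
    const full = path.join(root, entry.name);
    if (entry.isDirectory()) found.push(...findArchives(full));
    else if (entry.isFile() && entry.name.toLowerCase().endsWith('.7z')) found.push(full);
  }
  return found.sort();
}

// Default extractor: shells out to 7z (assumed installed). -aos never overwrites
// an existing file. The password is visible in the process list while 7z runs.
function run7z(archive, outDir, password) {
  execFileSync('7z', ['x', '-y', '-aos', `-p${password}`, `-o${outDir}`, archive], { stdio: 'ignore' });
}

// Extract every archive under `root` next to itself. An archive is renamed to
// *.done only after its extraction succeeded; failures are reported, not deleted.
function recover(root, password, extract = run7z) {
  const report = { ok: [], failed: [] };
  for (const archive of findArchives(root)) {
    try {
      extract(archive, path.dirname(archive), password);
      fs.renameSync(archive, archive + '.done');
      report.ok.push(archive);
    } catch (err) {
      report.failed.push({ archive, error: String(err.message || err) });
    }
  }
  return report;
}

// CLI use: QLOCKER_7Z_PASSWORD=... node recover.js [directory]
// (the variable name is an assumption of this example)
if (process.env.QLOCKER_7Z_PASSWORD) {
  const report = recover(process.argv[2] || process.cwd(), process.env.QLOCKER_7Z_PASSWORD);
  console.log(`extracted ${report.ok.length}, failed ${report.failed.length}`);
  for (const f of report.failed) console.error(`FAILED ${f.archive}: ${f.error}`);
  process.exitCode = report.failed.length ? 1 : 0;
}
```

Run it against a copy or a snapshot first; the `.done` archives can be deleted once the extracted files have been checked.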
-
- Starting out
- Posts: 27
- Joined: Mon Mar 28, 2016 9:56 pm
Attack vector upnp & HBS?
As QNAP is very silent about how the attacker could break into the NAS I have some questions to the community:
1. Was the attack possible due to activated UPNP?
1.1 Is any kind of UPNP enabled by default which could have allowed hackers to breach into my device?
2. Were all myQnapCloud users vulnerable to this attack?
-
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: Attack vector upnp & HBS?
theincogtion wrote: ↑Fri May 14, 2021 1:57 am As QNAP is very silent about how the attacker could break into the NAS I have some questions to the community:
They explained it more than a week ago.
theincogtion wrote: 1. Was the attack possible due to activated UPNP?
UPnP is one possibility but some users have probably opened the ports manually. I think that the overwhelming majority of users, even among those that used UPnP, was aware of their system being exposed on the internet. The problem is that inexperienced users blindly trusted their Qnap to be secure as Qnap didn't warn properly about the inherent risks with internet exposure.
Now Qnap are changing their recommendations to that Qnaps shouldn't be exposed on internet.
theincogtion wrote: 1.1 Is any kind of UPNP enabled by default which could have allowed hackers to breach into my device?
I think that UPnP is by default enabled, or at least that the configuration guide lead the user in that direction. But that's just part of the problem. Most home routers have UPnP enabled by default and both are required for it to work so both suppliers are to blame for having insecure defaults.
theincogtion wrote: 2. Were all myQnapCloud users vulnerable to this attack?
myQNAPcloud unlikely made any difference here. The real problem was the internet exposure in itself in combination with the vulnerability.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!