[RANSOMWARE] Qlocker
-
- New here
- Posts: 2
- Joined: Tue May 25, 2021 9:46 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Edit: sorry
Last edited by alec59 on Tue May 25, 2021 10:14 pm, edited 1 time in total.
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
this is the wrong thread(Qlocker)...the ransomware infects your NAS ..not your computer
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Reading the 44 pages would have been a huge waste of time since this thread is about the QLocker ransomware. It's written in capital letters in the title of the thread: QLOCKER.
QLOCKER is not the same as ECHORAIX.
There is a dedicated Echoraix Ransomware support thread on the Bleeping Computer forum:
https://www.bleepingcomputer.com/forums ... ort-topic/
Brace yourself: 56 pages.
"I scanned my PC with a lot of tools (FRST, Malaware etc...) and I didn't find the Echoraix virus. Is that normal? How can I be sure there is nothing left?"
The ransomware attacked the NAS, not your PC. It breached the NAS directly from the internet, not going through your PC.
Follow these instructions to better protect your NAS now and in the future:
https://www.qnap.com/en/security-advisory/qsa-21-18
https://blog.qnap.com/nas-internet-connect-en/
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
QNAP has released a tool and instructions to help in recovering lost data:
Manually Install QRescue to recover Qlocker-encrypted files on QNAP NAS
-
- New here
- Posts: 3
- Joined: Wed May 26, 2021 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Hi,
I just noticed all my data has been encrypted too on 21/04/2021. It's also only my QNAP since I don't have the problem on any of my PC or Mac drives. The QNAP doesn't have the default admin password so I have no idea what happened. Is there anything I could do to get my files back? Or how did you folks fix this problem?
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
the strongest password does not help on exploits and hardcoded credentials .. just read the thread .. and the post just before yours has a possible (partial) solution ..if you are lucky
For the future:
Do not expose your NAS
Backups Backups Backups
-
- New here
- Posts: 3
- Joined: Wed May 26, 2021 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I am not sure I explicitly exposed my NAS. After purchase I immediately changed the admin password + set up the necessary rules to block IPs after 5 failed login attempts. Sadly that didn't help at all. So I'm wondering how it is even possible for a potential hacker to even get in. I'm leaning towards a backdoor or something. Running the tool (which isn't very clear even for a software developer like me). So I hope I can have some of my data back.
- OneCD
- Guru
- Posts: 12147
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
That sounds like exposure to me. If your NAS isn't exposed, there's no need to establish IP blocking.
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
There's no need to speculate any more. dolbyman has already told you everything you need, but if you're too busy to skim through even a few pages to find out what happened you can read here. Neither strong admin passwords nor even 2FA protect against software vulnerabilities and yes, you had it exposed even if you weren't aware of it (probably through UPnP).
By the way, the current brute-force protection is useless against modern brute-force attacks that are coordinated through a botnet and so constantly use different source addresses for the attempts. It doesn't hurt to have it enabled locally in accordance with the defence in depth strategy but it definitely doesn't protect against brute force attacks on the wild internet any more.
As a software developer you should be aware of the importance of external backups, shouldn't you?
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
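The point made in the post above about per-address lockout and botnet-coordinated attempts, as an added example that is not part of the thread or of any QNAP software: constructed login-failure records are checked once with the 5-failures-per-IP rule and once with a per-account count. The record fields, the sample addresses and the per-account threshold of 20 are assumptions.

```python
from collections import Counter

PER_IP_LIMIT = 5        # the "block after 5 failed logins" rule from the thread
PER_ACCOUNT_LIMIT = 20  # assumed threshold for the aggregate check


def make_sample_log():
    """Constructed data: 60 failed 'admin' logins spread over 20 source
    addresses (3 each), plus one user mistyping a password 6 times."""
    events = []
    for i in range(60):
        ip = f"203.0.113.{i % 20 + 1}"  # documentation address range
        events.append({"ts": i, "ip": ip, "user": "admin", "ok": False})
    for i in range(6):
        events.append({"ts": 100 + i, "ip": "198.51.100.7",
                       "user": "alice", "ok": False})
    return events


def per_ip_blocks(events, limit=PER_IP_LIMIT):
    """Source addresses that a per-IP lockout rule would block."""
    fails = Counter(e["ip"] for e in events if not e["ok"])
    return {ip for ip, n in fails.items() if n >= limit}


def per_account_alerts(events, limit=PER_ACCOUNT_LIMIT):
    """Accounts whose failures, summed over all sources, reach the limit.
    Returns {user: (failure_count, distinct_source_count)}."""
    fails = Counter()
    sources = {}
    for e in events:
        if not e["ok"]:
            fails[e["user"]] += 1
            sources.setdefault(e["user"], set()).add(e["ip"])
    return {u: (n, len(sources[u])) for u, n in fails.items() if n >= limit}


if __name__ == "__main__":
    log = make_sample_log()
    print("blocked by per-IP rule:", per_ip_blocks(log))
    print("flagged per account:   ", per_account_alerts(log))
```

The per-IP rule blocks only the user who mistyped a password, while the 60 distributed attempts stay under the limit on every address; counting per account makes them visible, but it only detects the attempts and does nothing about an exploited software vulnerability.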
-
- New here
- Posts: 3
- Joined: Wed May 26, 2021 10:28 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Just so you know ... I am very much aware that in some way my NAS was connected to the internet, I'm just not 100% sure if that is something I have done manually or was set up by default. And yes I'm very much aware that you should have off-site backups too. But what if my On Site backups AND my Off Site backups were on 2 QNAP NASes then I would have been in big trouble now.
Also something I noticed is that not all of my volumes on my NAS seem to be affected for some reason. Volume with my TimeMachine backups was not affected, neither was one volume with original media files for some projects. Not sure why only 3 out of the 5 volumes on my NAS were affected. But then again maybe the security measures kicked in at some point and stopped the process.
Anyway ... In the process of using the tools provided to try and recover the data for which I don't have off-site backups or backups on other disks.
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Only if you exposed them both directly on the internet. But you would still have your source files even if both your backups had been compromised by the ransomware.
I have run my off-site backups across a site-to-site VPN for many years and have never been affected by any malware. It's a bit late, but at least now everyone who rolls their own off-site backups should upgrade them with a VPN solution regardless of brand or platform used. Hackers get better all the time and unless users start to improve their backup security as well, they will lose data.
"Also something I noticed is that not all of my volumes on my NAS seem to be affected for some reason."
As is mentioned in this thread, only files smaller than 20 MByte were encrypted. It's either that or that the ransomware had a bug or that it was interrupted by something like a reboot or an updated Malware Remover running.
-
- Starting out
- Posts: 38
- Joined: Sun Feb 17, 2008 7:32 pm
- Location: San Diego, CA
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Hi,
FWIW I received yesterday an e-mail from QNAP. I haven't followed through because in my case I assumed my loss and factory reset & format the whole darn QNAP, then recover what I could from my backups.
----- QNAP email -----
Dear Users,
You received this email because you've previously contacted QNAP for the Qlocker incident.
As the QNAP technical support staff around the globe worked with affected users to test and purge Qlocker, and to offer our help by all possible means, we've identified a possible way to recover user data from affected QNAP NAS.
Please visit the following link for more information about how to request QNAP-assisted data recovery service. Details for self-servicing your QNAP NAS to attempt recovery of encrypted files can be found with the link as well:
Recover Qlocker-Encrypted Files With QRescue
https://www.qnap.com/static/landing/202 ... dium=email
Javier
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
was already posted further up ....
- rafale
- Easy as a breeze
- Posts: 350
- Joined: Tue May 12, 2015 1:53 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Server: TVS-872XT i9 9900 ES, 64GB DDR4 2666MHz, intel X550-T2, Asus RTX3070 Dual OC (On pico PSU), 2x Phison E12 1TB M.2, 4x Micron 5210 7.68TB, 4x WD Purple 4TB
Backup NAS: TS-473 20GB DDR4 2400MHz, Mellanox ConnectX3, 2x Samsung PM871b 256GB M.2, 4x WD Red 8TB
Former units: TVS-1282, TS-871, TS-469
-
- Starting out
- Posts: 19
- Joined: Sun Mar 07, 2021 12:22 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
What happens with Hybrid Backup Sync now?
I wanted to use HBS to sync my OneDrive folders to the QNAP.
I hesitate to install it after this incident.
However, I didn't find other software that can be installed on the QNAP and could sync MS OneDrive.
Any ideas?