- Release date: May 21, 2021
- Security ID: QSA-21-12
- Severity: Critical
- Affected products: QNAP NAS running HBS 3
- Status: Resolved
A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).
Once a NAS is infected, the ransomware moves files on the NAS into password-protected 7z archives. Snapshots are also removed, and users are left with a !!!READ_ME.txt ransom note in each affected folder. To extract the files from the archives, victims would need to enter a password known only to the attacker.
We have already fixed the related vulnerability in the following versions of HBS 3:
- QTS 4.5.2: HBS 3 v16.0.0415 and later
- QTS 4.3.6: HBS 3 v3.0.210412 and later
- QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
- QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
- QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later
Recommendation
To prevent infection from Qlocker, we recommend updating HBS 3 to the latest version. To further secure your device, we highly recommend taking the following steps.
Updating HBS 3
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
[*]Type “HBS 3 Hybrid Backup Sync” and then press ENTER.[/*]HBS 3 appears in the search results.
[*]Click Update.[/*]A confirmation message appears.
Note: The Update button is not available if your HBS 3 is already up to date.
[*]Click OK.[/*]The application is updated.
Revision History: V1.0 (May 21, 2021) - Published