[SECURITY ADVISORY] Qlocker Ransomware

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
User avatar
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

[SECURITY ADVISORY] Qlocker Ransomware

Post by Toxic17 »

  • Release date: May 21, 2021
  • Security ID: QSA-21-12
  • Severity: Critical
  • Affected products: QNAP NAS running HBS 3
  • Status: Resolved
Summary
A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).

Once a NAS is infected, the ransomware moves files on the NAS into password-protected 7z archives. Snapshots are also removed, and users are left with a !!!READ_ME.txt ransom note in each affected folder. To extract the files from the archives, victims would need to enter a password known only to the attacker.

We have already fixed the related vulnerability in the following versions of HBS 3:
  • QTS 4.5.2: HBS 3 v16.0.0415 and later
  • QTS 4.3.6: HBS 3 v3.0.210412 and later
  • QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
  • QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
  • QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later
QNAP NAS running HBS 2 and HBS 1.3 are not affected.

Recommendation
To prevent infection from Qlocker, we recommend updating HBS 3 to the latest version. To further secure your device, we highly recommend taking the following steps.

Updating HBS 3
  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click Image.
A search box appears.
[*]Type “HBS 3 Hybrid Backup Sync” and then press ENTER.[/*]HBS 3 appears in the search results.
[*]Click Update.[/*]A confirmation message appears.
Note: The Update button is not available if your HBS 3 is already up to date.
[*]Click OK.[/*]The application is updated.

Revision History: V1.0 (May 21, 2021) - Published
Post Reply

Return to “Users' Corner”