[RANSOMWARE] Qlocker
- Toxic17
- Ask me anything
- Posts: 6477
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
-
- First post
- Posts: 1
- Joined: Fri Apr 23, 2021 2:08 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Same to Us.
Yesterday we got a lot of directories encrypted.
We cannot stop work.
A lot of Big files of video and audio encrypted.
Not possible to backup same day.
We had to pay by BITCOIN.
Big problem to QNAP.
We study legal actions against company.
This is a BIG PROBLEM for QNAP.
Many thanks.
- McBride
- Know my way around
- Posts: 107
- Joined: Fri Jun 07, 2013 3:00 pm
- Location: Vienna
[RANSOMWARE] 4/20/2021 - QLOCKER
Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?
Austria est imperare orbi universo
- dolbyman
- Guru
- Posts: 35272
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Best to open a ticket with QNAP, we don't have any info on how they will handle EOL NAS updates
-
- New here
- Posts: 5
- Joined: Fri Oct 27, 2017 4:55 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
So I guess my next question is, is it possible this ransomware virus could move to any other computer on your network or is this just affecting qnap devices?
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
I found the password in the log file, is there a way to reverse it (e.g. extract the 7z files) in one go?
Cheers
-
- Getting the hang of things
- Posts: 65
- Joined: Tue Aug 08, 2017 1:04 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
More than likely just the QNAP. Judging by what the vulnerability is and the fact others have said no other devices have been affected.
Great Crouton wrote: ↑Fri Apr 23, 2021 2:59 am So I guess my next question is, is it possible this ransomware virus could move to any other computer on your network or is this just affecting qnap devices?
- jaysona
- Been there, done that
- Posts: 856
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Good question, answer - because QNAP coders are lazy and incompetent. Additionally, QNAP lacks any sort of robust code review, quality control and robust code release process - there is no legitimate reason to use hard coded credentials for consumer software.
McBride wrote: ↑Fri Apr 23, 2021 2:47 am Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?
Austria est imperare orbi universo
RAID is not a Back-up!
H/W: QNAP TVS-872x (i7-8700. 64GB) (Plex server & encoding host) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6706T (32GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AX86U - Asuswrt-Merlin - 3004.388.6_2
Router2: Asus RT-AC66U - Asuswrt-Merlin - 386.12_6
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
- OneCD
- Guru
- Posts: 12155
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- Getting the hang of things
- Posts: 89
- Joined: Fri Dec 26, 2008 4:07 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
dir /s /b *.7z > allzips.txt
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x")
for /F "delims=" %%x in (allzips.txt) do del "%%x"
A guy earlier in the thread wrote this gem. Thank you Sir, well played. Could anyone offer advice on it please? I can only get it to work if I put the Bat file in the same DIR as the 7z files, it won't then do any of the sub Dirs in the main dir.
Thank you again to the gent that wrote it.
Hero.
FLY
-
- New here
- Posts: 5
- Joined: Fri Apr 23, 2021 3:25 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
My NAS restarted. Is there anything I can do? Already checked for the 7z.log file.
Has anyone paid the ransom? Does it work?
- McBride
- Know my way around
- Posts: 107
- Joined: Fri Jun 07, 2013 3:00 pm
- Location: Vienna
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
That’s called gross negligence and can have legal consequences.
jaysona wrote: Good question, answer - because QNAP coders are lazy and incompetent. Additionally, QNAP lacks any sort of robust code review, quality control and robust code release process - there is no legitimate reason to use hard coded credentials for consumer software.
McBride wrote: ↑Fri Apr 23, 2021 2:47 am Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?
Austria est imperare orbi universo
Austria est imperare orbi universo
-
- Starting out
- Posts: 19
- Joined: Thu Apr 22, 2021 6:22 pm
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Yes, it would be good to get a script that will do everything. Also if you could specify which folder to run the script from?
Fly100 wrote: ↑Fri Apr 23, 2021 3:22 am
dir /s /b *.7z > allzips.txt
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x")
for /F "delims=" %%x in (allzips.txt) do del "%%x"
A guy earlier in the thread wrote this gem. Thank you Sir, well played. Could anyone offer advice on it please? I can only get it to work if I put the Bat file in the same DIR as the 7z files, it won't then do any of the sub Dirs in the main dir.
Thank you again to the gent that wrote it.
Hero.
FLY
Cheers
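Added example, not part of any post in this thread and not QNAP tooling: a Python take on the batch file quoted above that accepts the top-level folder as an argument, walks every subfolder, and removes an archive only after 7-Zip has both tested and extracted it with exit code 0. It assumes 7-Zip at the path the batch file uses and a password already recovered from the log; `find_archives` and `recover` are hypothetical names chosen here.

```python
import subprocess
from pathlib import Path

# Assumption: 7-Zip installed where the thread's batch file expects it.
SEVEN_ZIP = r"C:\Program Files\7-Zip\7z.exe"


def find_archives(root):
    """Every .7z file under root, including all subfolders, in sorted order."""
    return sorted(p for p in Path(root).rglob("*.7z") if p.is_file())


def recover(root, password, run=subprocess.run, delete=False):
    """Test, then extract, each archive beside itself.

    Returns (restored, failed). An archive is deleted only when delete=True
    and both 7-Zip steps exited with code 0.
    """
    restored, failed = [], []
    auth = f"-p{password}"
    for archive in find_archives(root):
        # 't' checks the password and CRCs without writing any files.
        steps = (
            [SEVEN_ZIP, "t", auth, str(archive)],
            # 'e' extracts into the archive's own folder; -aos skips files
            # that already exist instead of prompting or overwriting.
            [SEVEN_ZIP, "e", auth, f"-o{archive.parent}", "-aos", str(archive)],
        )
        if all(run(cmd, capture_output=True).returncode == 0 for cmd in steps):
            restored.append(archive)
            if delete:
                archive.unlink()
        else:
            failed.append(archive)
    return restored, failed


if __name__ == "__main__":
    import getpass
    import sys

    args = [a for a in sys.argv[1:] if a != "--delete"]
    ok, bad = recover(args[0] if args else ".", getpass.getpass("Password: "),
                      delete="--delete" in sys.argv)
    print(f"restored {len(ok)}, failed {len(bad)}")
    for path in bad:
        print("FAILED", path)
```

Run it once without `--delete` and review the FAILED list before letting it remove any archive.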
- McBride
- Know my way around
- Posts: 107
- Joined: Fri Jun 07, 2013 3:00 pm
- Location: Vienna
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
FYI, I filed a ticket for an EOL NAS. And now we wait.
Austria est imperare orbi universo
-
- New here
- Posts: 5
- Joined: Fri Apr 23, 2021 3:25 am
Re: [RANSOMWARE] 4/20/2021 - QLOCKER
Any way to get the process to run again to pull the log file? I tried reversing everything I did after the restart.