[RANSOMWARE] Qlocker

[Toxic17]

I've posted an update from QNAP on the forums.

viewtopic.php?f=142&t=160886

[CARLOS CYO]

Same to Us.
Yesterday we got a lot of directories encrypted.
We cannot stop work.
A lot of Big files of video and audio encrypted.
Not possible to bakup same day.
We had to pay by BITCON.
Big ploblem to QNAP.
We study legal actions agains company.
This is a BIG PROBLEM for QNAP.
Many thanks.

[McBride]

Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?


Austria est imperare orbi universo

[dolbyman]

Best to open a ticket with QNAP, we don't have any info on how they will handle EOL NAS updates

[Great Crouton]

So I guess my next question is, is it possible this ransomware virus could move to any other computer on your network or is this just affecting qnap devices?

[saturdaynightyay]

I found the password in the log file, is there a way to reverse it (e.g. extract the 7z files) in one go?

Cheers

[jbennett360]

So I guess my next question is, is it possible this ransomware virus could move to any other computer on your network or is this just affecting qnap devices?

More than likely just the QNAP. Judging by what the vulnerability is and the fact others have said no other devices have been affected.

[jaysona]

Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?


Austria est imperare orbi universo

Good question, answer - because QNAP coders are lazy and incompetent. Additionally, QNAP lacks any sort of robust code review, quality control and robust code release process - there is no legitimate reason to use hard coded credentials for consumer software.

[OneCD]

... there is no legitimate reason to use hard coded credentials for consumer software.

+1

[Fly100]

dir /s /b *.7z > allzips.txt
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x")
for /F "delims=" %%x in (allzips.txt) do del "%%x"

A guy earlier in the the thread wrote this Gem, Thank you Sir well played. Could anyone offer advise on it please I can only get it to work if I put the Bat file in the same DIR as the the 7z files, it wont then do any of the sub Dir's in the main dir.

Thank you again to the gent that wrote it.

Hero.

FLY

[jonezed7]

My NAS restarted. Is there anything I can do? Already checked for the 7z.log file.

Has anyone paid the ransom? Does it work?

[McBride]

Do I understand correctly that this “[SECURITY ADVISORY] Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync - UPDATE NOW” fixes the issue? And if so, why th is there a hard coded password in a QNAP App? And furthermore, why don’t I get an update for my HBS 3? Just because I can only use 4.3.4 on my TS-469 Pro (yes I know it’s out of service)? My HBS 3 is 3.0.20012 and thus seems to have the vulnerability. Anyone able to help here?
Having a hard coded password in their app seems clearly a case of negligence from QNAP, therefore I would expect them to fix it for everyone, or?


Austria est imperare orbi universo

Good question, answer - because QNAP coders are lazy and incompetent. Additionally, QNAP lacks any sort of robust code review, quality control and robust code release process - there is no legitimate reason to use hard coded credentials for consumer software.

That’s called gross negligence and can have legal consequences.


Austria est imperare orbi universo

[saturdaynightyay]

dir /s /b *.7z > allzips.txt
for /F "delims=" %%x in (allzips.txt) do ("C:\Program Files\7-Zip\7z.exe" e -pXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -o"%%~dpx" "%%x")
for /F "delims=" %%x in (allzips.txt) do del "%%x"

A guy earlier in the the thread wrote this Gem, Thank you Sir well played. Could anyone offer advise on it please I can only get it to work if I put the Bat file in the same DIR as the the 7z files, it wont then do any of the sub Dir's in the main dir.

Thank you again to the gent that wrote it.

Hero.

FLY

Yes It would be good to get a script that will do everything. Also if you could specify which folder to run the script from?

Cheers

[McBride]

FYI, I filed a ticket for an EOL NAS. And now we wait.


Austria est imperare orbi universo

[jonezed7]

Any way to get the process to run again to pull the log file? I tried reversing everything I did after the restart.