QNAP NAS devices once again became viable victims of a new cyberattack campaign launched by the operators of Qlocker ransomware group...

Continue reading
QNAP Network Attached Storage (NAS) devices which have been repeatedly internet exposed, have yet again reportedly been targeted by the operators of Qlocker ransomware in a brand new attack campaign of 2022.
This time around, the ransomware campaign started on January 6 run by Qlocker is easily distinguishable through the ransom note labeled as operators leaving a ransom note !!!READ_ME.txt on compromised devices.

The traces of ToR site addresses were also found in those ransom notes from Qlocker (gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion) as it tricked them into visiting in order to gain more information on how much they will have to shell out for restoring their infected files. According to BleepingComputer, ToR sites have started displaying ransom demands ranging between 0.02 and 0.03 bitcoins ever since the new campaign kicked off.

While it hasn't been too long since Qlocker 2 emerged with its new campaign with dozens of ransom notes and encrypted files left behind and received by the ID-Ransomware service from affected QNAP users. And with the ongoing investigation still underway, QNAP rolled out a few best practices for its users as they request all to implement in order to secure their NAS devices from any similar cyberattacks in the near future.

QNAP NAS users had also experienced similar scenarios in the past due to Qlocker ransomware group in a targeted ransomware campaign outbroke on April 19, migrating all the files of users before deployment of ransomware within a password-protected 7-zip archive with the .7z extension. The NAS maker had discovered the active exploitation of the CVE-2021-28799 hard-coded credentials vulnerability in the HBS 3 Hybrid Backup Sync app for breaking into the devices & locking the files it contains.
Last year, Qlocker operators already extorted the users of QNAP NAS even before the company could raise the alarm of the ransomware attack campaign being targeted to them. Throughout this ransomware campaign, the NAS users had lost around $350,000 within a single month following the ransom payment of 0.01 bitcoins (worth approximately $500 at the time) to receive the decryption key for restoring their infected data.
Even the Qlocler has been there for a while; however, they aren't the only malicious cyber predators targeting QNAP NAS devices. And the same can be established by looking back at the rise of ech0raix ransomware attacks right before Christmas.
Besides, ech0raix aka QNAPCrypt also reportedly targeted QNAP NAS devices earlier this month in an ongoing ransomware and brute-force attacks by disabling Port Forwarding on their routers & UPnP function their devices.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation