A ransomware group is targeting thousands of vulnerable QNAP NAS devices in the wild, encrypting the files on users’ NAS drives with the 7zip archive utility. The remote attacks have been so successful that the threat actors behind them, the Qlocker ransomware group, have earned over $260,000 in Bitcoin within five days of operation.
Remote QNAP NAS Devices Under Attack
While ransomware groups are thought to have shifted from home users to corporations in pursuit of lump-sum payments, one group, Qlocker, is targeting individuals with a simple plan. According to BleepingComputer, the Qlocker ransomware group has been remotely exploiting vulnerabilities in QNAP NAS devices since early this week.
The ultimate aim is to encrypt the files on users’ devices and demand a ransom for the decryption key. But the mechanism it follows is what sets Qlocker apart. The group encrypts the victim’s files with the 7zip archiving software rather than with specially crafted malware, as other groups do.
To find target devices, the group simply scans the internet for internet-connected QNAP NAS devices and exploits them using recently disclosed vulnerabilities. With the help of the time-tested encryption algorithm in 7zip, the threat actors were able to encrypt thousands of QNAP NAS devices this week alone.
But that’s not all. A ransomware campaign isn’t successful until the victim is forced into paying the ransom. Because it targets individuals, Qlocker has set the ransom demand at a mere 0.01 Bitcoin ($500), which seemed affordable to many, as Qlocker earned nearly $260,000 in Bitcoin in just 5 days of operation.
The campaign is a hit: the wallets receiving the ransom, tracked by security researcher Jack Cable and BleepingComputer, show a regular flow of payments and continue to grow. Users are therefore urged to secure their QNAP NAS devices as soon as possible.