:strip_exif()/i/2004006800.jpeg?fit=%2C&ssl=1)
The Qlocker ransomware attack that affected users of QNAP systems in late April was through a leak in certain versions of Hybrid Backup Sync. The manufacturer has fixed the leak and advises users to update to the latest version.
According to QNAP started the ransomware campaign via the HBS 3 leak in the week of April 19, exploiting vulnerabilities in several versions of Hybrid Backup Sync. NAS systems still running HBS 2 and HBS 1.3 would not be affected.
After infection, Qlocker moved files in password-protected 7z archives and a text file gave instructions on how to restore access. After payment to the hostage takers, victims were given a password to access the files. QNAP advises users to update HBS 3 to the latest version to avoid further issues.
The company already announced at the end of April that vulnerabilities in HBS 3 were poem, but QNAP did not link it to the ransomware in that announcement. Well warned the company on the same day for the ransomware attack and then advised the company to install the latest version of Malware Remover and update Multimedia Console, Media Streaming Add-on and Hybrid Backup Sync.
According to Bleeping Computer Hundreds of QNAP users have been affected by the ransomware and more than $ 350,000 have been paid in total. The criminals demanded 0.01 bitcoin, currently converted 334 euros, to provide the password. The Tor site to get the key was online for a limited time.
| QNAP has addressed vulnerabilities in the following versions of HBS 3: |
| QTS 4.5.2: HBS 3 v16.0.0415 and later |
| QTS 4.3.6: HBS 3 v3.0.210412 and later |
| QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 en later |
| QuTS hero h4.5.1: HBS 3 v16.0.0419 en later |
| QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 en later |
—
