Qlocker Ransomware

Summary

A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).

Once a NAS is infected, the ransomware moves files on the NAS into password-protected 7z archives. Snapshots are also removed, and users are left with a !!!READ_ME.txt ransom note in each affected folder. To extract the files from the archives, victims would need to enter a password known only to the attacker.

We have already fixed the related vulnerability in the following versions of HBS 3:

• QTS 4.5.2: HBS 3 v16.0.0415 and later
• QTS 4.3.6: HBS 3 v3.0.210412 and later
• QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
• QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
• QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later

QNAP NAS running HBS 2 and HBS 1.3 are not affected.

Recommendation

To prevent infection from Qlocker, we recommend updating HBS 3 to the latest version. To further secure your device, we highly recommend taking the following steps.

Updating HBS 3

1. Log on to QTS or QuTS hero as administrator.
2. Open the App Center and then click .

A search box appears.

HBS 3 appears in the search results.

A confirmation message appears.

Note: The Update button is not available if your HBS 3 is already up to date.

The application is updated.