Security ID : QSA-21-12
Qlocker Ransomware
Release date : May 21, 2021
Affected products: QNAP NAS running HBS 3
Severity
Critical
Status
Resolved
Summary
A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).
Once a NAS is infected, the ransomware moves files on the NAS into password-protected 7z archives. Snapshots are also removed, and users are left with a !!!READ_ME.txt ransom note in each affected folder. To extract the files from the archives, victims would need to enter a password known only to the attacker.
We have already fixed the related vulnerability in the following versions of HBS 3:
- QTS 4.5.2: HBS 3 v16.0.0415 and later
- QTS 4.3.6: HBS 3 v3.0.210412 and later
- QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
- QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
- QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later
QNAP NAS running HBS 2 and HBS 1.3 are not affected.
Recommendation
To prevent infection from Qlocker, we recommend updating HBS 3 to the latest version. To further secure your device, we highly recommend taking the following steps.
Updating HBS 3
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
A search box appears.
HBS 3 appears in the search results.
A confirmation message appears.
Note: The Update button is not available if your HBS 3 is already up to date.
The application is updated.
Revision History: V1.0 (May 21, 2021) - Published