QNAP: Qlocker ransomware infected users via HBS 3
The Qlocker ransomware attack that affected users of QNAP systems in late April was carried out through a vulnerability in certain versions of Hybrid Backup Sync. The manufacturer has fixed the vulnerability and advises users to update to the latest version.
According to QNAP, the ransomware campaign via the HBS 3 vulnerability began in the week of April 19 and exploited vulnerabilities in several versions of Hybrid Backup Sync. NAS systems still running HBS 2 and HBS 1.3 are reportedly not affected.
After infection, Qlocker moved files into password-protected 7z archives, and a text file gave instructions on how to restore access. After paying the attackers, victims were given a password to access the files. QNAP advises users to update HBS 3 to the latest version to avoid further issues.
The company already announced at the end of April that vulnerabilities in HBS 3 had been fixed, but QNAP did not make the link with the ransomware in that announcement. On the same day, the company did warn about the ransomware attack and advised users to install the latest version of Malware Remover and to update Multimedia Console, Media Streaming Add-on and Hybrid Backup Sync.
According to Bleeping Computer, hundreds of QNAP users have been affected by the ransomware and more than $350,000 has been paid in total. The criminals demanded 0.01 bitcoin, currently the equivalent of 334 euros, to provide the password. The Tor site for obtaining the key was online for a limited time.
QNAP has addressed vulnerabilities in the following versions of HBS 3:
QTS 4.5.2: HBS 3 v16.0.0415 and later
QTS 4.3.6: HBS 3 v3.0.210412 and later
QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
QuTScloud c4.5.1 ~ c4.5.4: HBS 3 v16.0.0419 and later