Qlocker Ransomware

The hackers behind the Qlocker ransomware made $260,000 in 5 days. Surprisingly, they earned this simply by remotely encrypting files on QNAP devices using the 7zip archive program.

When did the attack happen?

On Monday, QNAP NAS users worldwide suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.

What was Qlocker’s key?

The Qlocker gang examined the QNAP devices connected to the Internet and exploited them using recently disclosed vulnerabilities. This allowed the threat actors to remotely execute the 7zip archival utility to password-protect all the files on victims' NAS storage devices.

This is a very straightforward and easy way to encrypt thousands of files, and one that brought in a great deal of money.

The price demanded in the ransomware attack:

Regular ransom payments range from $100,000 to $50 million to decrypt all of a victim's devices and not leak their stolen data. Qlocker, however, targets consumers and small-to-medium business owners who use QNAP NAS devices for network storage. With this larger audience, the threat actors knew their targets well: they priced their ransom demands at only 0.01 Bitcoins, or approximately $500 at today's Bitcoin prices.

Paying $500 can be seen as a small price to pay to recover important files, no matter how violated a victim may feel. Qlocker made almost $260,000 in these five days this way!

The 20 bitcoin addresses used for the campaign have received ransom payments totalling 5.25735623 Bitcoins, equivalent to approximately $258,494.

This ransomware campaign is ongoing, with new victims every day. It is crucial that all QNAP users update to the latest versions of the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to fix the vulnerabilities and protect against these ransomware attacks. It is not just about the money; it is also about the morals, ethics, and values behind this.

Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.