Ransomware Qlocker still dangerous – you can lose your files

No access to company documents, family photos and videos saved on a NAS server, and in their place a drive filled with 7zip archives and a text document with a ransom demand: these are the signs of a Qlocker ransomware attack. Unfortunately, rescue options are few. The ransom reaches several thousand zlotys, and trying to solve the problem on your own can only make the situation worse. Recently, ESET experts received another notification, this time from a resident of Poznan who fell victim to the attack.

The victim discovered the problem when he needed archived files stored on his home QNAP NAS server. Unfortunately, this was not possible: all private photos and videos, as well as company documents, were blocked. The server owner was unable to access his data in any way. It had been encrypted using the 7zip archiver, the same one used by many Internet users. The only file available was a text document named READ_ME.

– The cybercriminals exploited a security hole in the server and installed the Qlocker ransomware, which encrypted all the data on the server. This type of situation was common in April and May this year, and it continues to occur. Despite the fact that the manufacturer of QNAP servers prepared an update on April 16, 2021, patching the security vulnerability, many QNAP server owners still have not installed it – says Kamil Sadkowski, ESET Cyber Security Specialist.

Opening the text document named READ_ME displays a message from the threat's creators, stating that encrypted files can be restored provided a ransom is paid in cryptocurrency. The document contains detailed instructions, including unique keys and the websites used to complete the payment. Attackers demand amounts up to the equivalent of several thousand zlotys from victims. ESET experts recommend not paying the ransom and instead taking advice from the server manufacturer. You can try to recover the data on your own, but the chance of success is not high, and unsuccessful attempts may damage the files and cause their irreversible loss. It is better to look for help from a data recovery company. Unfortunately, the cost of such a service often exceeds the ransom amount.

In this case, fortunately other devices connected to the same network as the server were not infected. At the same time, the victim of the attack confirmed that he has not received any suspicious messages recently and that all other accounts, including email, are properly protected.

– This is a valuable lesson for everyone, including businesses. In the context of data protection, it is necessary to think about security comprehensively and in many layers. In the case of devices such as routers or file servers that are difficult to protect with antiviruses, it is necessary to regularly update firmware. All because a possible infection with ransomware can result in serious losses for both individuals and companies – adds Kamil Sadkowski.
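The signs described above (directories filled with 7zip archives next to a READ_ME text document) can be checked across a mounted copy of a NAS share. The script below is an added example, not part of the original article or any ESET or QNAP tool; matching the note by the string `READ_ME` in its file name and the 80% threshold are assumptions.

```python
import os
import sys

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 6-byte signature that starts every 7z archive
NOTE_MARKER = "READ_ME"               # assumption: the note's file name contains this


def is_7z(path):
    """True if the file starts with the 7z signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVENZ_MAGIC)) == SEVENZ_MAGIC
    except OSError:
        return False  # unreadable file: do not count it as an archive


def triage_share(root, min_ratio=0.8, min_files=3):
    """Walk a share read-only and report directories showing the described signs.

    verdict "likely": a note candidate AND almost all other files are 7z archives.
    verdict "review": only one of the two signs is present.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if NOTE_MARKER in f.upper())
        data = [f for f in files if f not in notes]
        archives = sum(is_7z(os.path.join(dirpath, f)) for f in data)
        # The length check runs first, so an empty directory never divides by zero.
        mostly_7z = len(data) >= min_files and archives / len(data) >= min_ratio
        if notes or mostly_7z:
            findings.append({
                "path": dirpath,
                "archives": archives,
                "files": len(data),
                "notes": notes,
                "verdict": "likely" if notes and mostly_7z else "review",
            })
    return findings


if __name__ == "__main__":
    for hit in triage_share(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f'{hit["verdict"]:7} {hit["archives"]}/{hit["files"]} 7z  '
              f'notes={hit["notes"]}  {hit["path"]}')
```

The script only reads file names and the first six bytes of each file, so it can be run against a read-only mount or a disk image without altering the affected data.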