fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Qlocker Ransomware Returns to Target QNAP NAS Devices Worldwide

Qlocker Ransomware Returns to Target QNAP NAS Devices Worldwide

Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide.

Qlocker has previously targeted QNAP customers in a massive ransomware campaign that started during the week of April 19, moving victims’ files within password-protected 7-zip archives with the .7z extension after breaching their NAS devices.

QNAP warned that the attackers were exploiting the CVE-2021-28799 hard-coded credentials vulnerability in the HBS 3 Hybrid Backup Sync app to hack into users’ devices and lock their files.

However, for some QNAP customers targeted in last year’s Qlocker ransomware campaign, the warning came way too late after the attackers extorted hundreds of QNAP users.

Also Read: The impact of GDPR and PDPA in Singapore

In total, affected QNAP users lost roughly $350,000 within a single month after paying ransoms of 0.01 bitcoins (worth approximately $500 at the time) to get the password needed to recover their data.

Qlocker returns in new 2022 campaign

The new Qlocker ransomware campaign began on January 6 and it drops ransom notes named !!!READ_ME.txt on compromised devices.

Qlocker ransom note
Qlocker ransom note (BleepingComputer)

These ransom notes also include the Tor site address (gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion) the victims are prompted to visit to gain more information on how much they will have to pay to regain access to their files.

Tor victim pages seen by BleepingComputer since this new series of Qlocker attacks started display ransom demands ranging between 0.02 and 0.03 bitcoins.

Qlocker Tor site
Qlocker Tor site (BleepingComputer)

More information on what to do if the QLocker2 ransomware campaign has hit you can be found in this support topic (the topic for the 2021 Qlocker campaign can be found here).

You can also check out the old guide on how to recover data from NAS devices compromised in last year’s Qlocker ransomware attacks.

Since Qlocker returned on January 6, dozens of ransom notes and encrypted files have been submitted to the ID-Ransomware service by affected QNAP users.

Also Read: Things to Know about the Spam Control Act (Singapore)

Qlocker2 ransomware campaign
Qlocker2 ransomware campaign (ID-Ransomware)

Unfortunately, Qlocker is not the only ransomware targeting QNAP NAS devices, as shown by a surge of ech0raix ransomware attacks that started right before Christmas.

Earlier this month, the company also warned its customers to secure Internet-exposed NAS devices from ongoing ransomware and brute-force attacks by disabling Port Forwarding on their routers and their devices’ UPnP function.

QNAP also notified customers last year to secure their devices against incoming attacks, including Agelocker and eCh0raix ransomware campaigns.

The NAS maker recommends implementing the following best practices if you want to secure your QNAP device from further attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us