fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

A Ransomware Gang Made $260,000 In 5 Days Using The 7zip Utility

A Ransomware Gang Made $260,000 In 5 Days Using The 7zip Utility

A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.

Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.

While most ransomware groups put considerable development time in their malware to make it efficient, feature-rich, and have strong encryption, the Qlocker gang didn’t even have to create their own malware program.

Instead, they scanned for QNAP devices connected to the Internet and exploited them using the recently disclosed vulnerabilities. These exploits allowed the threat actors to remotely execute the 7zip archival utility to password protect all the files on victims’ NAS storage devices.

Using such a simple approach allowed them to encrypt over a thousand, if not thousands, of devices in just five days using a time-tested encryption algorithm built into the 7zip archive utility.

Ransom demands were priced correctly

Enterprise-targeting ransomware usually demands ransom payments ranging from $100,000 to $50 million to decrypt all of a victim’s devices and not leak their stolen data.

Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings

However, Qlocker chose a different target – consumers and small-to-medium business owners utilizing QNAP NAS devices for network storage.

It seems that the threat actors knew their targets well as they priced their ransom demands at only 0.01 Bitcoins, or at today’s Bitcoin prices, approximately $500.

Qlocker ransom demand
Qlocker ransom demand

Deciding to pay millions of dollars requires a company to think hard about whether the lost data is worth millions of dollars.

However, paying $500 can be seen as a small price to pay to recover important files, no matter how violated a victim may feel.

Qlocker’s decision appears to have paid off as the payments have started to rush in earning the threat actors a sizeable return for a few days of activity.

Qlocker made almost $260,000 so far

As the Qlocker ransomware uses a fixed set of Bitcoin addresses that victims are rotated through, it has been possible for BleepingComputer to collect the addresses and monitor their payments.

Tuesday night, security researcher Jack Cable discovered a short-lived bug that allowed him to recover the passwords for 55 victims passwords for free. While utilizing this bug, he collected ten different Bitcoin addresses that the threat actors were rotating with victims and shared them with BleepingComputer.

Since then, BleepingComputer has collected an additional 10 addresses, for a total of 20 bitcoin addresses used by the Qlocker threat actors. 

At this time, the 20 bitcoin addresses, shown below, have received ransom payments totaling 5.25735623 Bitcoins. This amount is equivalent to approximately $258,494.

Also Read: Considering Enterprise Risk Management Certification

Bitcoin AddressTotal Bitcoin payments
34vbPQLgGZwKG2FikitGU6QR7K25aB6Shh0.55216220
37m57HiP5rPceopgEWF9sM58CkzaDFYtaU0.14021317
3Ekwztte7oWR1odC1eKeL2Va4cpBuGXPgU0.09962125
3EPBKN3bcax81U3MdKYUhMC1fzFEFGPC6E0.10915462
3EvCKQ38y8ePUwM4w49XWVtAK7KhYbmeMH0.34801656
3FvLioiqF2TrQgZ9zRMdd7QUfc2hTjKZfL0.08951304
3FXVLv8TmcHNmnfwLfc5g7f2a32xp3XugW0.38088464
3G6fbWX6At9uRzKf6kwS6R6pn5EQ8UsxKY0.16983215
3GfAJxhUen3oqb4sDDnPmXyhs5mDboHbyG0.46134513
3JRdPjB8U3nfDqQHzTqw9yYra49Gsd8Rar0.40133268
3KmK5z4CAvn3aL4Q8F2gWbhuPRy9ZmEurN0.29910901
3Kywg92E877KUWmyaeeLNSXFc5bqBvFbAm0.48277236
3LLzycFNFh7mDsqRhfknfGBa6TKq6HcfwS0.31901320
3Lp1NkJHYsmFRBfM3ggoWsS1PF5hXxrwrD0.32386846
3PDfzkTnD1E7gB7peZ2prRyDxjQ1BhqcV10.14020000
3PunvFGpVWLX7PNAoT3bMDbPQU2QQW4kxN0.15954000
3Q8WmjQyFs1EKCdu415t2P9cxY7AbqorPd0.40031185
3EWRngsRDhCxMHtKxeK6k9kX3pyWZSA2YB0.13081244
3Gwz3yVmrGr5AqmUrAS8H2QQaPz2v9Rhpx0.15965435
3JtUAz4aKUrjcBK47ocdv52tTJkriat1nx0.08999912

If we divide the amount of Bitcoins earned, we come out to approximately 525 victims having paid the ransom so far.

Unfortunately, the ransoms keep coming in as users make the hard decision of paying to recover their files, so this number will likely increase through the weekend and into next week.

This ransomware campaign is still ongoing, with new victims appearing every day. Therefore, all QNAP users must update the latest versions of the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to fix the vulnerabilities and protect against these ransomware attacks.

Users are also advised to secure their NAS devices so that other future attacks are harder to accomplish.

For more information, you can read our dedicated Qlocker article or visit our highly active Qlocker support topic, where users are helping each other recover files and secure their devices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us