Qlocker is an active ransomware group and it is detected to be targeting and attacking QNAP devices all over the world. This campaign started on April 19. The infected user’s files are stored in a password protected 7zip archives.
It is reported by BleepingComputer that Qlocker support forum is witnessing increased amount of activity from a chunk of its victims. In addition to this, The ID-Ransomware services saw an increase in the number of submissions from its victims.
The Vulnerabilities that are being exploited-
QNAP suggests that Qlocker has been exploiting the CVE-2020-36195 for executing their ransomware. They fixed two of their vulnerabilities as of April 16.
Qlocker ransomware is exploiting a known vulnerability that is known to be patched already. This indicates towards the fact that several organizations have not patched their firmware. So, it is important that organizations always keep their network updated with the latest patch whenever they are released.