QNAP Devices Around the World Are Getting Targeted by Qlocker

Qlocker is an active ransomware group that has been detected targeting and attacking QNAP devices all over the world. The campaign started on April 19. Infected users' files are stored in password-protected 7-Zip archives.

The Campaign-

BleepingComputer reports that the Qlocker support forum is seeing an increased amount of activity from a chunk of its victims. In addition, the ID-Ransomware service saw an increase in the number of submissions from victims.

  • The attackers use 7-Zip to lock victims' files in password-protected archives. While the files are being locked, the monitor of the QNAP device shows various 7-Zip processes.
  • Once the ransomware has completed its encryption process, the files are stored in password-protected archives with the .7z extension. A password is needed to retrieve the files.
  • At the end of the process, victims get a !!!READ_ME.txt ransom note, which contains the credentials for accessing the Tor payment site.
  • Victims are told to pay 0.01 Bitcoin ($557.74), after which they get the password to the archived folder.
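The two on-disk indicators in the list above (the !!!READ_ME.txt note and the .7z archives) are enough to scope which shares were hit. The Python triage script below is an added example, not part of the original article: the function names and the sample tree are constructed, and the 7z file signature it checks is a property of the archive format, not something stated on the page.

```python
import os
import tempfile

NOTE_NAME = "!!!READ_ME.txt"          # ransom note name given in the article
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # signature at the start of every 7z file


def is_7z(path):
    """True if the file starts with the 7z signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SEVENZ_MAGIC)) == SEVENZ_MAGIC
    except OSError:
        return False


def triage(root):
    """Return one record per directory under root that shows Qlocker traces."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        note = NOTE_NAME in files
        archives = [f for f in files if f.lower().endswith(".7z")
                    and is_7z(os.path.join(dirpath, f))]
        others = [f for f in files if f != NOTE_NAME and f not in archives]
        if note or archives:
            findings.append({"dir": os.path.relpath(dirpath, root),
                             "ransom_note": note, "archived": len(archives),
                             "untouched": len(others)})
    return sorted(findings, key=lambda rec: rec["dir"])


def build_sample(root):
    """Constructed sample tree: one affected directory, one clean directory."""
    hit, clean = os.path.join(root, "photos"), os.path.join(root, "docs")
    samples = {
        os.path.join(hit, "a.jpg.7z"): SEVENZ_MAGIC + b"\x00" * 26,  # header stub
        os.path.join(hit, NOTE_NAME): b"constructed placeholder note\n",
        os.path.join(hit, "b.jpg"): b"\xff\xd8\xff",  # not yet archived
        os.path.join(clean, "fake.7z"): b"text with a .7z name",  # must not count
    }
    for path, data in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A non-zero `untouched` count in a directory that already holds archives or a note means the archiving pass did not finish there, which helps prioritise what to back up first.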

The Vulnerabilities that are being exploited-

QNAP suggests that Qlocker has been exploiting CVE-2020-36195 to execute its ransomware. QNAP fixed two vulnerabilities as of April 16:

  • CVE-2020-2509: A command injection vulnerability that exists in QTS and QuTS hero.
  • CVE-2020-36195: An SQL vulnerability that exists in Multimedia Console and the Media Streaming Add-On.


Qlocker ransomware is exploiting a known vulnerability that has already been patched. This indicates that several organizations have not patched their firmware. It is therefore important that organizations always keep their network updated with the latest patches whenever they are released.

By Hrithik Lall

