Ransomware cyber

QNAP Systems

Nov 29, 2022 1 min read
QNAP Systems

Multiple devices from QNAP, a Taiwanese company specialising in NAS storage, was targeted by two types of ransomware, called Qlocker and eCh0raix, that aimed at encrypting their NAS devices for ransom.

These two ransomware used the 7zip protocol to encrypt data, created password-protected files and demanded a ransom.

With this method, it is possible to recover data from the logs used by 7zip, as long as the computer has not been shut down or restarted.

However, QNAP updated its 'Malware Remover' tool to run on affected computers, facilitating the process and recommending contacting technical support.

It has also updated various applications used on its devices.

Source: https://www.incibe-cert.es/en/early-warning/cybersecurity-highlights/qnap-devices-affected-qlocker-and-ech0raix-ransomware

TPRM report: https://www.rankiteo.com/company/qnap-systems-inc

"id": "qna2236181122",
"linkid": "qnap-systems-inc",
"type": "Ransomware",
"date": "6/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'NAS storage',
                        'location': 'Taiwan',
                        'name': 'QNAP',
                        'type': 'Company'}],
 'attack_vector': 'NAS devices encryption',
 'data_breach': {'data_encryption': True},
 'description': 'Multiple devices from QNAP, a Taiwanese company specializing '
                'in NAS storage, were targeted by two types of ransomware, '
                'called Qlocker and eCh0raix, that aimed at encrypting their '
                'NAS devices for ransom. These two ransomware used the 7zip '
                'protocol to encrypt data, created password-protected files, '
                'and demanded a ransom. With this method, it is possible to '
                'recover data from the logs used by 7zip, as long as the '
                'computer has not been shut down or restarted. However, QNAP '
                "updated its 'Malware Remover' tool to run on affected "
                'computers, facilitating the process and recommending '
                'contacting technical support. It has also updated various '
                'applications used on its devices.',
 'impact': {'data_compromised': True, 'systems_affected': 'NAS devices'},
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': True,
                'ransom_demanded': True,
                'ransomware_strain': ['Qlocker', 'eCh0raix']},
 'response': {'remediation_measures': ["Updated 'Malware Remover' tool",
                                       'Updated various applications']},
 'title': 'QNAP NAS Devices Targeted by Qlocker and eCh0raix Ransomware',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.