Qlocker Ransomware Is Apparently Back in Business

Qlocker is a specific ransomware that infiltrates users’ storage devices and operates as a file locker, keeping users out unless they supply a password.

The Qlocker ransomware only affects QNAP network-attached storage (NAS) equipment. It encrypts the user’s files in a 7-zip format and secures them using a password. Once the files have been encrypted, victims are left with a.7z file, a ReadMe file with a ransom message, and a key to the ransomware payment site.

Is Qlocker Back?

It seems that threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide.

The latest Qlocker ransomware attack started on January 6, and it delivers ransom letters with the filename!!!READ ME.txt on infected machines.

As reported by BleepingComputer, the Tor site URL is also included in these ransom letters. The victims of the ransomware are urged to visit the website in order to learn how much they will have to pay to recover access to their data.

Unfortunately, Qlocker is not the only ransomware that targets QNAP NAS equipment, as seen by an increase in ech0raix ransomware assaults that began just before Christmas.

Earlier this month, QNAP also advised its customers to protect

Read More: https://heimdalsecurity.com/blog/qlocker-ransomware-is-apparently-back-in-business/