Infection of QNAP Systems By Ransomware Through A Vulnerability In Hybrid Backup Sync


QNAP NAS systems running a vulnerable version of Hybrid Backup Sync (HBS 3) have been the target of ransomware attacks since the week of April 19. The NAS manufacturer warns about this in a security advisory. HBS 3 is a solution for making and restoring backups. It supports a variety of local, remote server and cloud storage services.


However, the software contains a hard-coded password that allows an attacker to log into the system remotely. QNAP describes this as a serious vulnerability, identified as CVE-2021-28799. On April 22, QNAP issued a warning stating that security updates had been rolled out to address the issue.


The Qlocker ransomware has been found to be exploiting this vulnerability to infect vulnerable NAS systems. Once active, the ransomware moves files on the NAS system to a password-protected 7z file. Victims then have to pay 0.01 bitcoin to decrypt their files.


The first reports of affected users date back to April 20. Hundreds of QNAP users are said to have been affected by the Qlocker ransomware in recent weeks and to have paid a total of $350,000 in ransom. The gang behind this ransomware is said to have stopped by now. As a result, victims can no longer pay the ransom to get their data back.


Several QNAP users felt that they were not being properly served by the NAS manufacturer. This included long waiting times for the helpdesk. Today QNAP released an update on the attacks by Qlocker, stating that the ransomware is exploiting the aforementioned vulnerability in HBS 3. Users are therefore urged to update to a newer version of the software.
