QLocker

For several weeks now, we have been receiving inquiries almost every day from desperate customers, whose QNAP NAS system has become a victim of the QLocker ransomware and the data is no longer accessible. In contrast to other crypto Trojans, where the data is normally encrypted and thus overwritten using software / scripts that are specially installed, with QLocker the files are saved in password-protected archives with the "7zip" compression software that is already pre-installed on the system. The affected folders then have the extension ".7z". Before the data is encrypted in this way, the text file "!!! READ_ME.txt" with further procedures for the victims is created in the affected folder. The ransom is called in Bitcoin and is usually 0.01 BTC, which corresponds to around € 327 (value may be incorrect due to exchange rate fluctuations).

QNAP itself has already issued a statement on this with the urgent recommendation to install the latest version of the malware remover. It is also advisable to update all subsystems - especially for myQNAPcloud.

What to do if the data is encrypted with QLocker?

Call us and tell us about your situation. Because we have already made the experience several times that QLocker apparently does not seem to be the most "professional" cybercriminals and sometimes their work is not so "clean". In some cases, we were able to discover new approaches and ways with which the data loss could be limited or even almost completely reversed.