Home » Malwares » News Room » Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

Disclosure: All information on this site is harmless and purely for educational purposes which is why we post only authentic, unbiased information! The affiliate links are really there for discounts for our readers and for us to earn small commissions that help us stay afloat! Thanks!

An extensive campaign targeting QNAP devices across the globe is underway, and users are finding their files now stored in password-protected 7zip archives.

The ransomware is called Qlocker and it began targeting QNAP devices on April 19th, 2021. Since then, there has been an enormous amount of activity and ID-Ransomware has been a surge of submission from victims on multiple platforms.

According to reports from victims, the attackers use 7-zip to move files on QNAP devices into password-protected archives. While the files are being locked, the QNAP Resource Monitor will display numerous ‘7z’ processes which are the 7zip command-line executable.

When the ransomware has finished, the QNAP device’s files will be stored in password-protected 7-zip archives ending with the .7z extension. To extract these archives, victims will need to enter a password known only to the attacker.

After the encryption of QNAP devices, users are left with a !!!READ_ME.txt ransom note that includes a unique client key that the victims need to log into the ransomware’s TOR payment site.

From the Qlocker ransom notes, all victims are reported to pay 0.01 Bitcoins, which is approximately $557.74, to get a password for their archived files. 

UPDATE: A vulnerability may have been found that could possibly allow victims to recover their files for free. We are still investigating this and will post an update.

QNAP believes cybercriminals are using recent vulnerability

Recently QNAP resolved critical vulnerabilities that could allow a remote actor to gain full access to a device and execute ransomware.

QNAP fixed these two vulnerabilities on April 16th with the following descriptions:

QNAP believed Qlocker exploits the CVE-2020-36195 vulnerability to execute the ransomware on vulnerable devices.

Due to this, it is strongly recommended to update QTS, Multimedia Console, and the Media Streaming Add-on to the latest versions.

While this will not recover your files, it will protect you from future attacks using this vulnerability.


Unlock the power of online security with our in-depth reviews and expert insights. Discover the best VPNs, password managers, and privacy tools to safeguard your digital world.