The Qlocker ransomware group that was responsible for holding QNAP NAS devices for ransom has shut down its operations. The group was receiving almost $350,000 a month by exploiting vulnerabilities in the devices. After the devices were encrypted, the victims would be instructed to a read_me.txt file that explained how to get their files back. The normal ransom for these victims was .01BTC or about $550. The TOR site victims were directed to for payment instructions also recently began displaying a message about the site shutting down soon, warning victims to pay the ransom as quickly as possible. A low ransom amount combined with a short time limit was enough to convince many victims to pay up. Later in their attacks, the group began collecting the .01BTC asked for as ransom and then telling the victim that an additional .02 BTC was required to get their files back.
Analyst Notes
Qlocker used a low ransom amount to entice their victims to just pay the ransom instead of debating it. Because of this, the group managed to collect ransom from a lot of companies. The group used vulnerabilities in QNAP devices that were known. This is a great example of why it is important to stay up to date on information surrounding devices and software and apply patches whenever they become available as quickly as possible.
