QNAP advises customers to update their HBS 3 disaster recovery app to prevent Qlocker ransomware attacks on their Internet-connected Network Attached Storage (NAS) devices.
In a security advisory, QNAP said that “The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync),”
During the week of April 19, a major Qlocker ransomware campaign began infecting QNAP NAS computers, replacing victims’ files with password-protected 7-zip archives.
Despite the fact that the attack vector was unknown at the time, QNAP has now verified that the attackers exploited the CVE-2021-28799 hard-coded credentials vulnerability.
To Read More: bleepingcomputer