The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021. The attackers use 7-zip to move files on QNAP devices into password-protected archives.
When the ransomware has finished, the QNAP device's files will be stored in password-protected 7-zip archives ending with the .7z extension. To extract these archives, victims will need to purchase a password known only to the attacker, using Bitcoins.
This is the message displayed to the victims:
!!! All your files have been encrypted !!!
All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment.
To purchase your key and decrypt your files, please follow these steps:
1. Dowload the Tor Browser at "https://www.torproject.org/". If you need help, please Google for "access onion page".
2. Visit the following pages with the Tor Browser: [address].onion
3. Enter your Client Key: [client_key]
Regularly updated information about the ransomware and possible solutions is available in the BleepingComputer blog article.
The biggest weakness of systems like QNAP is that when they are exposed to the internet, through router or direct configuration, attackers can potentially gain full root access. In this case they used the command line of a file compression tool to encrypt the files on the devices.
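An added example (not code from this page, QNAP or BleepingComputer) of how a defender could triage a share for the behaviour described above: it flags folders where nearly every file is a genuine .7z archive written within a short time window. The thresholds `min_files`, `ratio` and `window`, and the sample tree built in `demo()`, are assumptions made for illustration.

```python
import os
import tempfile

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # signature at the start of every 7z archive

def is_7z(path):
    """True if the file content starts with the 7z signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(6) == SEVENZ_MAGIC
    except OSError:
        return False

def triage(root, min_files=5, ratio=0.8, window=3600):
    """Flag folders where most files are .7z archives written within `window` seconds (illustrative thresholds)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        paths = [os.path.join(dirpath, n) for n in files]
        paths = [p for p in paths if not os.path.islink(p)]
        archives = [p for p in paths if p.lower().endswith(".7z") and is_7z(p)]
        if len(paths) < min_files or not archives:
            continue
        if len(archives) / len(paths) < ratio:
            continue
        mtimes = [os.path.getmtime(p) for p in archives]
        spread = max(mtimes) - min(mtimes)
        if spread <= window:  # a bulk run, not archives accumulated over time
            hits[dirpath] = {"archives": len(archives), "files": len(paths), "spread_s": spread}
    return hits

def demo():
    """Build a constructed sample tree and return the names of flagged folders."""
    base = 1_600_000_000  # arbitrary constructed timestamp
    layout = {"photos": (6, 0, 0), "docs": (1, 5, 0), "backups": (6, 0, 86400)}
    with tempfile.TemporaryDirectory() as root:
        for folder, (n_7z, n_plain, step) in layout.items():
            os.mkdir(os.path.join(root, folder))
            for i in range(n_7z):
                path = os.path.join(root, folder, f"file{i}.jpg.7z")
                with open(path, "wb") as fh:
                    fh.write(SEVENZ_MAGIC + b"\x00" * 26)  # constructed stub, not a real archive
                os.utime(path, (base + i * step, base + i * step))
            for i in range(n_plain):
                with open(os.path.join(root, folder, f"note{i}.txt"), "w") as fh:
                    fh.write("constructed sample\n")
        return sorted(os.path.basename(d) for d in triage(root))

if __name__ == "__main__":
    print(demo())
```

The script only reads file headers and timestamps, so it can be run against a snapshot or a read-only mount; a flagged folder is a prompt for investigation, since legitimate bulk archiving produces the same pattern.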
The Amber device is not just a legacy NAS; it is a Cloud NAS made to be exposed and used regularly from the internet, with a fully secured layer for user data that prevents any unwanted operation on the device's file system.
This additional layer of security is enforced by the cloud token authentication process, which ensures that only authorized users can access or even see part of the data on the Amber.
In addition, our applications run in completely separate Docker containers, which can be safely stopped in case of security issues and have no access to private user data without proper authentication.
Users can also fully customize access to private files, with unique read-only permits for viewing files remotely that prevent any modification, and access links that expire after being used.
The security and safety of the data stored by our users is our top priority, and every aspect of the device is developed with that in mind.