A Ransomware Group Made $260,000 in 5 Days

A Ransomware Group Made $260,000 in 5 Days

A ransomware group made $260,000 by remotely encrypting files on QNAP computers using the 7zip archive software in an interval of five days. After a ransomware operation called Qlocker exploited vulnerabilities on their computers, QNAP NAS users all over the world discovered their files had been encrypted as of Monday. 

While most ransomware groups spend a significant amount of time developing their malware to make it powerful, feature-rich, and safe, the Qlocker gang didn't have to do so. Rather, they scanned for QNAP devices that were connected to the Internet and manipulated them with the recently disclosed flaws. 

The threat actors were able to use these exploits to remotely run the 7zip archival utility and password secure all of the files on the victims' NAS storage devices. Using a time-tested encryption algorithm built into the 7zip archive utility, they were able to encrypt over a thousand devices in just five days. To access all of a victim's computers and not leak their stolen data, enterprise-targeting ransomware usually demands ransom payments ranging from $100,000 to $50 million. 

Qlocker, on the other hand, chose a different audience: customers and small-to-medium-sized businesses that use QNAP NAS computers for network storage. The threat actors seem to have a good understanding of their goals since their ransom demands were just 0.01 Bitcoins or around $500 at today's Bitcoin rates. 

Since the Qlocker ransomware uses a series of Bitcoin addresses that are rotated around, BleepingComputer collected the addresses and tracked their payments. Security researcher Jack Cable discovered a short-lived bug that allowed him to recover passwords for 55 victims for free. He gathered ten separate Bitcoin addresses that the threat actors were rotating with ..

Support the originator by clicking the read the rest link below.