Qlocker Ransomware

The Qlocker ransomware has been active once again with waves of attacks this year. This ransomware has been using, like the others, the Ransomware as a Service (RaaS) strategy. This allows the destructive power of a ransomware attack to be made accessible to anyone.

Qlocker’s primary target has been the specialized manufacturer of network storage solutions, QNAP. More precisely, the NAS (Network Attached Storage) storage devices that are exposed to the Internet network around the world.

Qlocker uses this vulnerability of QNAP devices connected to the Internet to execute a simple mechanism. After entering the environment, the malware takes care of moving the victims’ files to password-protected 7-zip archives.

Resulting in an environment with only .7zip extension files and a READ_ME.txt ransom note with the steps to follow to supposedly get their data back.

The group had previously attacked NAS devices, thus forcing the company QNAP to take some emergency measures. Consumers were obviously informed of the imminent risk and such a vulnerability that they were exposed to at that time.

Unfortunately, for some consumers the alert came too late. Many users ended up seeing their data being encrypted and locked without knowing precisely what they could do.

Around $350,000 in ransom value was spent by QNAP consumers attacked by the Qlocker ransomware in a single month.

Of course, with this wave of attacks going well for the evildoers, it was not to be expected that their activities would not cease. The group attacked once again, increasing its average ransom value from 0.01 BTC to 0.02 BTC (approximately $700 at the time of the attack wave).

Recover files encrypted by Qlocker ransomware

Paying the ransom is not recommended under any circumstances, payment funds the groups for further attacks, and criminals give no guarantee that the key will be delivered after payment.

For this reason, Digital Recovery is positioned as the best solution for recovery of data encrypted by ransomware.

Our experts have developed recovery solutions that give us the ability to recover data from databases, storages, virtual machines, RAID systems, servers, and other storage devices.

We understand how sensitive a company’s data can be, so we have taken care to build our recovery strategy in accordance with the General Data Protection Regulation (GDPR) and have, of course, a confidentiality agreement (NDA).

All of this is done remotely. So no matter where you are, Digital Recovery can help. Contact our experts and get your data recovered now.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Récupérer le Ransomware Makop

Makop Ransomware

The Makop ransomware has grown through its affiliate programme, RaaS (Ransomware as a Service), a tactic that aims to find partners to carry out attacks

Recover BlogXX Ransomware

Ransomware BlogXX

The BlogXX ransomware group recently emerged with the theft of patient data from Mediabank, an Australian health insurer, on October 12. According to authorities, the


Pozq ransomware

Pozq ransomware was recently discovered after a sample submission on VirusTotal. After some analysis, evidence was highlighted that Pozq may have a relationship with the


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.