Qlocker/Qlocker2 ransomware

Today, when syncing a folder with odrive, this message started to appear:

!!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!!

All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment.

Hi @claracpvale,
I am very sorry to hear that you have been targeted by this ransomware. This was not done by a virus in odrive, however.

It appears that you have been hit by QLocker/Qlocker2 (All About Qlocker), which is a ransomware that targets QNAP devices. It sounds like there was a large resurgence of these attacks, starting on January 6th of this year.

Using Tor2Web, I navigated to the .onion address (https://gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion.ly) and it shows this:

Additionally, doing a Google search for the tor address (gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion) reveals that it is used in these QLocker attacks.

Below I have listed a few resources for more information and how to possibly recover:
All About Qlocker
Qlocker ransomware returns to target QNAP NAS devices worldwide
QLocker2 (QNAP NAS) Ransomware .zip - Ransomware Help & Tech Support
How to recover your files from the Qlocker attack
https://forum.qnap.com/viewtopic.php?f=45&t=160849

Thank you very much.
After my first message, I continued to follow the trail and also came to the conclusion that the problem was with the NAS and not ODRIVE or Google Drive. I turned off the NAS. The things that were in Google Drive and in the NAS will be ok (they are duplicated, both encrypted and not encrypted). The problem will be with the ones that are only in the NAS (I think there are few) and with the NAS itself.
I will follow your links.
Kind regards
Clara Vale
