This summer, Bleeping Computer journalists reported on a new ransomware AgeLockerWhich uses the Age (Actually Good Encryption) encryption algorithm to encrypt the files of its victims. When encrypting, the malware adds a text header to the encrypted data, which begins with the age-encryption (.) Org URL.
Now the publication specialists noticedthat since the end of August 2020, AgeLocker or another ransomware that uses the same encryption has begun to attack Qnap NAS devices accessible over the Internet and encrypt data on them.
For example, one of the victims from the Bleeping Computer forums shared an encrypted file with analysts of the ID Ransomware project, after which information security expert Michael Gillespie was able to determine that the file was encrypted using Age. Gillespie also confirmed that AgeLocker was indeed active by the end of August.
The specialist also notes that in the ransom note, AgeLocker operators state that before encryption began, they stole the user's files, which contain "medical data, scanned images, backups, and so on."
It is not yet known how much the hackers are demanding as ransom or exactly how attackers gain access to QNAP devices.
The publication also warns that it is unfortunately impossible to recover files encrypted by AgeLocker for free.