A group of hackers targeting vulnerable network attached storage (NAS) devices sold by QNAP Systems Inc. has shut down operations after extorting regular users and small businesses of almost 9 Bitcoin, the equivalent of around $365,000, in a matter of weeks.
Qlocker operators began targeting the devices around mid- April, when throngs of users discovered that their digital files had been replaced by password-protected 7zip archives.
In typical ransomware fashion, the attackers gave victims a Readme.txt file containing instructions on how to recover their encrypted files – pay 0.1 Bitcoin ($400) to a designated digital wallet. Upon making contact, however, some users discovered that the ransom had increased to 0.3 Bitcoin.
“Bitcoin is getting harder to find, time waits for nothing. The new price is 0.03,” the attackers explained, according to Bleeping Computer.
Victims reportedly paid a total of 8.93258497 Bitcoins across 20 wallets owned by the Qlocker gang, an amount that translates to $365,477 at current prices. Just last week, the same number of Bitcoins would have fetched close to half a million dollars, but the volatile digital currency plummeted in value over the weekend.
Qlocker has since closed all of its Tor websites and has made a quick exit (at least for the time being) from the ransomware scene after pocketing hundreds of relatively small ransoms from victims worldwide.
Other ransomware gangs have followed the same route. The move may be related to the high-profile attack on Colonial Pipeline and increased pressure on international law enforcement to take down cybercrime rings. As reported by the BBC, the Ransomware Task Force (RTF) global coalition of cyber-experts is lobbying governments to make ransom payments illegal. Experts, however, fear the move would open a whole new can of worms, resulting in a ‘horrific game of chicken.’