QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices. Ransomware campaign started breaching QnAP NAS devices during the week of April 19, replacing victims’ files with password-protected 7-zip archives. Attackers abused the CVE-2021-28799 hard-coded credentials vulnerability, which acts as a backdoor account, allowing attackers to access devices running out-of-date versions.
Source: https://www.bleepingcomputer.com/news/security/qnap-confirms-qlocker-ransomware-used-hbs-backdoor-account/