A new variant of QNAPCrypt Ransomware targeting Linux-based file storage systems (NAS servers) is found. FullofDeep, a Russian cybercrime group operating from the Union State and the Ukraine appears to be operating this ransomware. The new variant utilizes geo-location information in order to determine whether or not the malware will operate. The algorithm the attackers chose to encrypt the filesystem with is AES CFB. The attackers demand to be contacted via a protonmail email account. Below is the ransomnote associated with it.
Malware Hash (MD5/SHA1/SH256)