QNAP removes backdoor account in NAS backup, disaster recovery app By Update: QNAP confirmed that Qlocker ransomware has used the removed backdoor account to hack into some customers' NAS devices and encrypt their files. There appears to be a number of users affected by Ransomware (QLocker) due to this vulnerability. Please Update your HBS3 version ASAP QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. The hard-coded credentials vulnerability tracked as CVE-2021-28799 was found by Taiwan-based ZUSO ART in HBS 3 Hybrid Backup Sync, the company's disaster recovery and data backup solution.