At this point, it’s probably easier to count ransomware strains that haven’t struck QNAP NAS devices (opens in new tab) than those that have, with Checkmate the latest to be accused of targeting network-attached storage endpoints.
The company has warned users that their internet-connected NAS drives (opens in new tab) might be targeted by Checkmate, a relatively new ransomware strain that’s only been spotted in late May 2022.
The devices need to have SMB service enabled, and have accounts protected with relatively weak passwords, that could be cracked with a brute-force attack.
$15,000 in bitcoin
“A new ransomware known as Checkmate has recently been brought to our attention,” QNAP’s security advisory reads. “Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”
Checkmate does, more or less, the same as any other ransomware strain. First, the attackers will find devices exposed to the internet, and then try to log in using accounts compromised in dictionary attacks. After that, Checkmate is deployed, which encrypts all files on the target device, and network, and adds the .checkmate extension to them. It then deploys a ransom note titled !CHECKMATE_DECRYPTION_README.
The publication says there are no reports on QNAP’s official forums, or social networks, but some people have turned to its forum thread to warn their peers of the danger.
Allegedly, the threat actor is demanding $15,000 in bitcoin, in exchange for the decryption key.
Right now, the best defense against Checkmate, as well as other ransomware strains, is not to expose the devices on the internet. QNAP also suggests using a VPN to reduce the attack surface.
Users should also review their accounts, to make sure their passwords are resilient to brute-force attacks, and back up their files regularly. Having an antivirus and firewall installed also helps.
And finally, make sure your QNAP’s firmware is up to date.
“We are thoroughly investigating the case and will provide further information as soon as possible,” QNAP concluded.