At this point, it's probably easier to count the ransomware strains that haven't affected QNAP NAS devices (opens in a new tab) than those that have, with Checkmate being the latest to be accused of targeting the network storage terminals.
The company warned users that their Internet-connected NAS drives (opens in a new tab) could be attacked by Checkmate, a relatively new strain of ransomware that was only detected in late May 2022.
Devices must have SMB service enabled and have accounts protected by relatively weak passwords, which could be hacked by a brute force attack.
€15,000 in bitcoins
"A new ransomware known as Checkmate recently came to our attention," the QNAP security advisory reads. "Preliminary research indicates that Checkmate attacks through Internet-exposed SMB services and uses a dictionary attack to crack accounts with weak passwords."
Checkmate does more or less the same thing as any other variety of ransomware. Attackers will first find devices exposed to the Internet and then attempt to log in with accounts compromised by dictionary attacks. After that, Checkmate is implemented, which encrypts all files on the target device and network, and adds the .checkmate extension to them. It then displays a ransom note titled !CHECKMATE_DECRYPTION_README.
The post says that there are no reports on the official QNAP forums or on social media, but some people have taken to their thread to warn their peers about the danger.
Apparently, the threat actor is asking for €15,000 worth of bitcoins, in exchange for the decryption key.
Currently, the best defense against Checkmate, as well as other varieties of ransomware, is to not expose your devices to the Internet. QNAP also suggests using a VPN to reduce the attack surface.
Users should also review their accounts to make sure their passwords are resistant to brute force attacks and back up their files regularly. Installing an antivirus and a firewall also helps.
And finally, make sure your QNAP firmware is up to date.
“We are fully investigating the matter and will provide more information as soon as possible,” QNAP concluded.
Via: BleepingComputer (Opens in a new tab)