QNAP warns yet another wave of attacks are targeting NAS devices

News
By Sead Fadilpašić
published

Checkmate ransomware hitting QNAP NAS devices

ID theft
(Image credit: Future)

At this point, it’s probably easier to count ransomware strains that haven’t struck QNAP NAS devices than those that have, with Checkmate the latest to be accused of targeting network-attached storage endpoints. 

The company has warned users that their internet-connected NAS drives might be targeted by Checkmate, a relatively new ransomware strain that’s only been spotted in late May 2022.

The devices need to have SMB service enabled, and have accounts protected with relatively weak passwords, that could be cracked with a brute-force attack.

$15,000 in bitcoin 

"A new ransomware known as Checkmate has recently been brought to our attention," QNAP’s security advisory reads. "Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords."

Checkmate does, more or less, the same as any other ransomware strain. First, the attackers will find devices exposed to the internet, and then try to log in using accounts compromised in dictionary attacks. After that, Checkmate is deployed, which encrypts all files on the target device, and network, and adds the .checkmate extension to them. It then deploys a ransom note titled !CHECKMATE_DECRYPTION_README.

The publication says there are no reports on QNAP’s official forums, or social networks, but some people have turned to its forum thread to warn their peers of the danger.

Allegedly, the threat actor is demanding $15,000 in bitcoin, in exchange for the decryption key.

Read more

> Sorry QNAP customers, you're under attack again

> QNAP calls on users to update NAS devices immediately

> These are the best antivirus software 

Right now, the best defense against Checkmate, as well as other ransomware strains, is not to expose the devices on the internet. QNAP also suggests using a VPN to reduce the attack surface.

Users should also review their accounts, to make sure their passwords are resilient to brute-force attacks, and back up their files regularly. Having an antivirus and firewall installed also helps.

And finally, make sure your QNAP’s firmware is up to date. 

"We are thoroughly investigating the case and will provide further information as soon as possible," QNAP concluded.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.