This New Checkmate Ransomware Targets NAS Devices

Andrew Heinzman

Review Geek



In its latest security advisory, QNAP warns that hackers are targeting NAS devices with a new Checkmate ransomware. Everyone who exposes their NAS device through SMB services (remote access) needs to take extra security steps and create a backup system for their NAS.

As explained by QNAP, the Checkmate ransomware first appeared in mid-2022 and relies on brute-force “dictionary attacks” to crack NAS devices with weak passwords. It then encrypts a victim’s files, giving them a .checkmate extension, and drops a ransom note titled !CHECKMATE_DECRYPTION_README.

Based on information shared to the BleepingComputer forums, the Checkmate ransomware forces victims to pay $15,000 for a decrypter key. Victims claim that all files on their NAS devices are encrypted by Checkmate, including files in “private” folders. (For what it’s worth, QNAP says that only “public” folders are affected.)

Checkmate is just the latest ransomware to target NAS devices, which tend to rely on old or incomplete security protocols. Customers are often unaware of these vulnerabilities and enable remote access on their NAS device without taking extra steps for security or data redundancy.

So, the solution to avoiding this ransomware is nothing new; disable remote access until you can properly secure your data. Start by finding a way to make backups of your NAS device—even with the best security, your NAS is somewhat vulnerable to malware and the forces of nature. I suggest using software like Snapshot or manually copying important NAS data to an external drive.
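The two indicators named earlier (the .checkmate extension and the !CHECKMATE_DECRYPTION_README note) are enough for a quick check of a mounted NAS share, for example before a backup job copies it over an older clean copy. The Python script below is an added example, not code from QNAP or this article; the per-folder report and the idea that the note's file name may carry an extension are assumptions of the example.

```python
import os
import sys
from collections import defaultdict

ENCRYPTED_SUFFIX = ".checkmate"               # extension named in the article
NOTE_PREFIX = "!checkmate_decryption_readme"  # ransom note title named in the article
                                              # (assumption: an extension may follow it)


def scan_share(root):
    """Walk root and count Checkmate indicators per top-level folder.

    Returns {folder: {"encrypted": n, "notes": n, "total": n}}.
    """
    report = defaultdict(lambda: {"encrypted": 0, "notes": 0, "total": 0})
    root = os.path.abspath(root)
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in filenames:
            lowered = name.lower()
            entry = report[top]
            entry["total"] += 1
            if lowered.startswith(NOTE_PREFIX):
                entry["notes"] += 1
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                entry["encrypted"] += 1
    return dict(report)


def is_affected(report):
    """True if any folder holds an encrypted file or a ransom note."""
    return any(e["encrypted"] or e["notes"] for e in report.values())


def main(argv):
    if len(argv) != 2:
        print("usage: checkmate_scan.py <mounted-share-path>", file=sys.stderr)
        return 2
    report = scan_share(argv[1])
    for folder, e in sorted(report.items()):
        flag = "AFFECTED" if e["encrypted"] or e["notes"] else "clean"
        print(f"{folder}: {e['encrypted']} encrypted, {e['notes']} note(s), "
              f"{e['total']} files [{flag}]")
    # Non-zero exit lets a backup wrapper stop before overwriting a clean copy.
    return 1 if is_affected(report) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is 1 when any indicator is found, so a backup script can call this first and skip the copy on a non-zero result.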

Once you have a system in place to back up your NAS device’s storage, you can start worrying about how to securely utilize its remote access feature. Your best course of action is to implement a strong password and turn on your NAS device’s VPN and firewall, which will let you (and trusted family or friends) access its contents remotely through a secure tunnel. (You should also disable SMB 1 and only use SMB 2 or higher.)

Bear in mind that all internet-facing NAS devices are somewhat vulnerable to hacking attempts or malware. That’s just the nature of exposing a device to the internet, especially when that device is purpose-built for data hoarding and important file backups.
