“Checkmate”: QNAP warns of NAS ransomware

On July 11, 2022By Garmin Philip

“checkmate”

The ransomware “Checkmate” is currently attacking NAS devices from QNAP. In addition to a warning, QNAP also offers hints and tips to protect against the attacks.

News

Stylized padlock next to the inscription — QNAP warns of the “Checkmate” ransomware, which is currently attacking NAS devices.

Internet-connected NAS devices from QNAP can currently become the target of “Checkmate” ransomware. The manufacturer warns in a security alert before the attacks. After a successful attack, “Checkmate” encrypts data contained on the NAS and leaves a ransom note.

The first reports from affected users appeared in the forum of “Bleeding computer” already at the beginning of June.

The attack apparently takes place via SMB services that are accessible via the Internet. The ransomware tries to find out the password with dictionary attacks and thus get onto the system. After encryption, it leaves a file titled “!CHECKMATE_DECRYPTION_README” in each folder containing the $15,000 ransom note.

QNAP recommends securing against “Checkmate” with the following steps:

Do not expose SMB services to the Internet: This can be done by using a VPN, as one can see in a Instructions describes.
Disable SMB 1: To do this, log into QTS, QuTS hero or QuTScloud and then go to “Control Panel -> Network & File -> Win/Mac/NFS/WebDAV -> Microsoft Networking”. There you select “Advanced Options” and then activate under “Lowest SMB Version” SMB 2 or higher.
Update the QNAP OS to the latest version: To do this, log in to QTS, QuTS hero or QuTScloud as an administrator. Then go to “Control Panel -> System -> Firmware Update” and click “Check for Update” under “Live Update”.
Check all NAS accounts for strong and unique passwords
Create a backup for all data and update it regularly