New Checkmate ransomware has been discovered targeting QNAP NAS devices. Although the attacks are still being investigated, it is known that the ransomware attacks devices through SMB services that are accessible via the internet.
QNAP says the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks.
All About Checkmate Ransomware
Checkmate utilizes a dictionary attack to obtain weak passwords. Data encryption begins after the attacker logs in and successfully compromises the device. The ransomware uses AES and RSA algorithms, and the encrypted files have the .checkmate extension.
Checkmate’s ransom note, named !CHECKMATE_DECRYPTION_README, is then included in each encrypted file.
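The two file-name indicators above can be checked across a mounted share. The following Python is an added example, not code from QNAP or the original article; the function names, the constructed sample tree, and the assumption that the note may carry a suffix such as .txt are its own. It also reports the oldest modification time among encrypted files, which helps pick a snapshot or backup that predates the encryption.

```python
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".checkmate"                   # extension named in the article
NOTE_NAME = "!CHECKMATE_DECRYPTION_README"     # ransom note name from the article


def scan_share(root):
    """Walk a mounted share and collect Checkmate file-name indicators."""
    report = {"encrypted": [], "notes": [], "first_seen": None, "errors": []}
    earliest = None
    # onerror records unreadable directories instead of silently skipping them
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: report["errors"].append(str(e))):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper().startswith(NOTE_NAME):
                # Assumption: the note may carry a suffix such as ".txt"
                report["notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError as exc:
                    report["errors"].append(str(exc))
                    continue
                earliest = mtime if earliest is None else min(earliest, mtime)
    if earliest is not None:
        # Oldest mtime approximates when encryption began on this share
        report["first_seen"] = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return report


def build_sample_share(base):
    """Constructed sample tree (not real data) used to exercise scan_share."""
    docs = os.path.join(base, "docs")
    os.makedirs(docs)
    for name in ("report.docx.checkmate", "photo.JPG.CHECKMATE", "clean.txt", NOTE_NAME):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("sample")
    os.utime(os.path.join(docs, "report.docx.checkmate"), (1_657_000_000, 1_657_000_000))
    os.utime(os.path.join(docs, "photo.JPG.CHECKMATE"), (1_657_003_600, 1_657_003_600))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = scan_share(build_sample_share(tmp))
        print(len(result["encrypted"]), len(result["notes"]), result["first_seen"])
```

Run it read-only against the share mounted on a separate host, passing the mount point to `scan_share`, rather than on the affected NAS itself.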
SMB is a client-server communication protocol used to share access to a variety of devices, files and more. QNAP recommended its users disconnect their SMB service from the internet and urged others to limit their exposure by using VPN services.
Years ago, RAMP was an internet website available over the Tor network that allowed users to buy or advertise all types of illegal things, including drugs.
The site, which was launched in 2012 and is exclusively available in Russia, had a reputation for being the best place to buy drugs that could be delivered within Russia’s borders.
This version of the site was also used as a forum alongside the marketplace. However, in 2017 Russian police announced that they had taken down this forum, and then it disappeared.
Disable SMB 1 by following the steps below:
- Log on to QTS, QuTS hero, or QuTScloud.
- Go to Control Panel > Network & File > Win/Mac/NFS/WebDAV > Microsoft Networking.
- Click Advanced Options.
- Next to the Lowest SMB version, select SMB 2 or higher.
- Click Apply.
Upgrade your QNAP operating system to the most recent version:
- Log on to QTS, QuTS hero, or QuTScloud as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
The update can also be downloaded from the QNAP website. Follow the instructions for a manual update for your particular device under Support > Download Center.
- To ensure all passwords are strong enough, check all NAS accounts immediately.
- Take regular backups and snapshots of your dat