Checkmate ransomware targets QNAP NAS devices

QNAP Systems warns of Checkmate, a new ransomware targeting users of its network-attached storage (NAS) appliances.

Ransomware no longer only targets data stored on laptops, workstations and servers, but targets NAS storage through publicly exposed SMB services with weak passwords. Once the attacker successfully logs into the device, he encrypts the data in the shared folders and leaves a ransom note with the file name '!CHECKMATE_DECRYPTION_README' in each folder.

This ransomware was documented in late May 2022, but it appears to have failed to spread. QNAP NAS owners that have not been hit are advised not to expose the SMB service to the Internet and to reduce the exposure of the NAS service to the Internet as well as to update their QNAP operating system to the latest version.

Apart from QNAP, other companies such as Synology, Western Digital, Zyxel are regular targets of ransomware. Attackers often exploit weak authentication practices or 'zero-day vulnerabilities' to take over devices.

Learn more: Help Net Security