QNAP urges customers to guard their NAS systems against a new ransomware variant called Checkmate.

According to the NAS vendor, the number of Checkmate attacks is increasing rapidly. Cybercriminals are targeting QNAP NAS devices with weak administrator passwords. Brute forcing is a common method.

Checkmate ransomware

Checkmate ransomware was first spotted on the 28th of May. The malware adds a Checkmate appendix to encrypted files and installs a file called !CHECKMATE_DECRYPTION_README. The readme contains a ransom demand of $15,000 in bitcoin.

QNAP recommendation

QNAP advises users to migrate Internet-facing NAS devices to a VPN, which should reduce the attack surface. Furthermore, it can’t hurt to review current passwords, increase their complexity and backup files.

The NAS vendor notes it’s simultaneously investigating Deadbolt, a re-emerging ransomware variant. Ech0raix is mentioned as well, which has been used to attack QNAP devices since mid-June.

Tip: Thousands of QNAP NAS devices hit by DeadBolt ransomware attack