We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

This New Checkmate Ransomware Targets NAS Devices

The QNAP TS-133 NAS device.
QNAP

In its latest security advisory, QNAP warns that hackers are targeting NAS devices with a new Checkmate ransomware. Everyone who exposes their NAS device through SMB services (remote access) need to take extra security steps and create a backup system for their NAS.

As explained by QNAP, the Checkmate ransomware first appeared in mid-2022 and relies on brute-force “dictionary attacks” to crack NAS devices with weak passwords. It then encrypts a victim’s files, giving them a .checkmate extension, and drops a ransom note titled !CHECKMATE_DECRYPTION_README.

Based on information shared to the BleepingComputer forums, the Checkmate ransomware forces victims to pay $15,000 for a decrypter key. Victims claim that all files on their NAS devices are encrypted by Checkmate, including files in “private” folders. (For what it’s worth, QNAP says that only “public” folders are affected.)

Checkmate is just the latest ransomware to target NAS devices, which tend to rely on old or incomplete security protocols. Customers are often unaware of these vulnerabilities and enable remote access on their NAS device without taking extra steps for security or data redundancy.

So, the solution to avoiding this ransomware is nothing new; disable remote access until you can properly secure your data. Start by finding a way to make backups of your NAS device—even with the best security, your NAS is somewhat vulnerable to malware and the forces of nature. I suggest using software like Snapshot or manually copying important NAS data to an external drive.

Once you have a system in place to back up your NAS device’s storage, you can start worrying about how to securely utilize its remote access feature. Your best course of action is to implement a strong password and turn on your NAS device’ VPN and firewall, which will let you (and trusted family or friends) access its contents remotely through a secure tunnel. (You should also disable SMB 1 and only use SMB 2 or higher.)

Bear in mind that all internet-facing NAS devices are somewhat vulnerable to hacking attempts or malware. That’s just the nature of exposing a device to the internet, especially when that device is purpose-built for data hoarding and important file backups.

The 6 Best External Hard Drives of 2022

Best Overall
Western Digital My Passport
Best for Portability
SanDisk Extreme Portable SSD
Best for a Budget
Seagate Portable External Hard Drive
Best for Bulk Storage
Western Digital My Book
Best for Durability
LaCie Rugged External Hard Drive
Best for Mac Users
Samsung X5 Portable SSD

Source: QNAP via BleepingComputer

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »