Security News > 2022 > July > QNAP warns of new Checkmate ransomware targeting NAS devices
Network-attached storage vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data.
QNAP says the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks.
"A new ransomware known as Checkmate has recently been brought to our attention," the NAS maker said in a security advisory published Thursday.
Checkmate is a recently discovered ransomware strain, first deployed in attacks around May 28, that appends a.checkmate extension to encrypted files and drops a ransom note named !CHECKMATE DECRYPTION README. While there aren't any reports on QNAP's official forums or online social networks, victims have been sharing files locked using Checkmate ransomware in a dedicated BleepingComputer forum thread. Based on ransom notes seen so far by BleepingComputer, the attackers ask victims to pay $15,000 worth of bitcoins to get a decryptor and a decryption key.
Ech0raix ransomware is also targeting vulnerable QNAP NAS devices again since mid-June, according to user reports and ID Ransomware sample submissions.
QNAP also said last month that it's 'thoroughly investigating' a new series of attacks pushing DeadBolt ransomware that started in early June.