QNAP network-attached storage (NAS) devices are under attack from the novel Checkmate ransomware strain, which exploits internet-exposed Server Message Block (SMB) services, reports The Record, a news site by cybersecurity firm Recorded Future.
Checkmate uses dictionary attacks to break into accounts with weak passwords, according to a QNAP advisory.
"Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name !CHECKMATE_DECRYPTION_README in each folder. We are thoroughly investigating the case and will provide further information as soon as possible," said QNAP, which recommended the disconnection of SMB services from the internet as well as the use of VPN services to limit the risk.
Weeks before the emergence of Checkmate ransomware attacks, QNAP warned about its NAS devices being targeted by the Deadbolt ransomware gang, with Censys reporting that nearly 5,000 QNAP NAS devices had been infected with the ransomware.
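For triage, the ransom note file name quoted in the QNAP advisory can be used to scope which shared folders were hit and roughly when. The following is an added example, not code from QNAP or The Record; the function names, the sample tree, matching the note with any file extension, and treating the note's modification time as the time it was written are all assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

# File name quoted in the QNAP advisory; accepting any extension is an assumption.
NOTE_STEM = "!CHECKMATE_DECRYPTION_README"

def find_ransom_notes(share_root):
    """Return {folder: note mtime (UTC)} for every folder holding the note."""
    hits = {}
    for folder, _dirs, files in os.walk(share_root, onerror=lambda e: None):
        for name in files:
            if os.path.splitext(name)[0].upper() == NOTE_STEM:
                path = os.path.join(folder, name)
                try:
                    mtime = os.stat(path, follow_symlinks=False).st_mtime
                except OSError:
                    continue  # unreadable entry: skip it, keep scanning
                ts = datetime.fromtimestamp(mtime, tz=timezone.utc)
                hits[folder] = min(ts, hits.get(folder, ts))
    return hits

def summarize(hits):
    """Affected folder count plus earliest/latest note time, for an IR timeline."""
    if not hits:
        return {"affected_folders": 0, "first_note": None, "last_note": None}
    times = sorted(hits.values())
    return {"affected_folders": len(hits), "first_note": times[0], "last_note": times[-1]}

def build_sample_share(root):
    """Constructed sample tree: two folders with a note, one clean."""
    layout = {
        "Public": ["report.docx", "!CHECKMATE_DECRYPTION_README"],
        "Backups/2022": ["db.bak", "!checkmate_decryption_readme.txt"],
        "Media": ["clip.mp4"],
    }
    for i, (folder, names) in enumerate(layout.items()):
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            path = os.path.join(root, folder, name)
            open(path, "w").close()
            os.utime(path, (1_657_000_000 + i * 60,) * 2)  # constructed timestamps

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        hits = find_ransom_notes(root)
        for folder, ts in sorted(hits.items()):
            print(ts.isoformat(), os.path.relpath(folder, root))
        print(summarize(hits))
```

Point `find_ransom_notes` at a read-only mount or snapshot of the share root rather than the live volume, so the scan does not alter timestamps needed as evidence.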