The IT Nerd

QNAP cannot catch a break. Either that or the security of their NAS devices is so bad that it is easy threat actors to target the users of their NAS devices. Either way, there’s a new strain of ransomware that QNAP is warning users about:

A new ransomware known as Checkmate has recently been brought to our attention. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” in each folder.

We are thoroughly investigating the case and will provide further information as soon as possible.

The way I read the warning, the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks. Thus the easy way to protect yourself is to not expose your NAS to the Internet and to up your password game. But the question has to be asked. Why is it that QNAP devices are always the targets of these attacks? I don’t hear about this sort of thing from any other NAS vendors with the exception of Asustor perhaps. It continues to illustrate to me that QNAP needs to seriously up its security game because at the moment they’re clearly not meeting the mark.

This entry was posted on July 7, 2022 at 2:06 pm and is filed under Commentary with tags QNAP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.