Hackers Target NAS Machines with Two Ransomware Strains
CheckMate and DeadBolt ransomware attacks
Recently, dark web hackers launched two new ransomware attacks on QNAP clients. With numerous devices affected, the company issued advisories urging its users to implement safety measures, including the use of a VPN service, to minimize and prevent unauthorized access to their NAS machines.
The CheckMate malware encrypts files, adds a .checkmate extension, and even leaves a polite ransom note for victims. The modest criminals only demanded that each victim pay $15,000 in bitcoins to get a copy of the CheckMate ransomware decryption key.
Meanwhile, the DeadBolt ransomware was spotted in July; for now, cyber analysts are still researching this latest malware launched by dark web hackers.
How to stop CheckMate assaults
The warning was issued after cyber security analysts revealed that they had tracked criminal hackers attempting to gain access with hacked credentials. To reduce and avoid hacking attacks, QNAP users were instructed to evaluate the private credentials associated with their NAS accounts.
In addition, they were advised to create strong passwords and use a cloud system to back up all important files. The warning also says to create backup snapshots of data, which can easily be accessed to restore a compromised network system.
Update for QNAP Accounts
Customers can update their systems by logging in to QTS, QuTS hero, or QuTScloud, going to Control Panel > Network & File > Win/Mac/NFS/WebDAV > Microsoft Networking, and selecting “SMB 2 or higher” in Advanced Options to disable SMB 1.
Administrators can also log in to QTS, QuTS hero, or QuTScloud and click “Check for Update” under “Live Update” in Control Panel > System > Firmware Update. QNAP also advised that the NAS firmware must be updated to the latest released version.
With the latest cyber security threat, QNAP’s NAS users reported the infiltration of the ID Ransomware in early July. However, the analytical report submitted by the company’s cyber analysts indicated that the hackers had been targeting the system since June 2022 with the malicious eCh0raix ransomware.
As of July, QNAP’s cyber team added that the company is analyzing the DeadBolt ransomware recently launched by hackers against its network. Previous notifications from QNAP about CheckMate revealed that the hackers concentrated their attacks on weak passwords created by its users.
Clients with SMB services are being advised to periodically update their Internet devices to the most current firmware. Preliminary research revealed that, over SMB access, the CheckMate ransomware uses a form of dictionary attack that can easily compromise weak passwords. Therefore, according to QNAP’s security team, customers must quickly incorporate the suggested security measures to prevent brute-force hacks on their NAS devices.
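A dictionary attack on SMB logins like the one described above shows up in authentication logs as a burst of failed logins from one source, sometimes ending in a success. The Python code below is an added example, not QNAP's code or part of the original article; the log format, the sample lines, the function name and the thresholds are assumptions constructed for illustration.

```python
"""Flag dictionary-style login bursts against SMB in an authentication log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption): time,source_ip,user,service,result
SAMPLE_LOG = """\
2022-07-07T02:14:01,203.0.113.9,admin,SMB,FAIL
2022-07-07T02:14:03,203.0.113.9,admin,SMB,FAIL
2022-07-07T02:14:05,203.0.113.9,backup,SMB,FAIL
2022-07-07T02:14:08,203.0.113.9,guest,SMB,FAIL
2022-07-07T02:14:11,203.0.113.9,admin,SMB,FAIL
2022-07-07T02:14:15,203.0.113.9,admin,SMB,OK
2022-07-07T09:00:00,192.0.2.20,alice,SMB,FAIL
2022-07-07T09:00:20,192.0.2.20,alice,SMB,OK
2022-07-07T09:30:00,198.51.100.7,root,SSH,FAIL
"""

def find_smb_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: {"failures", "users_tried", "success_after"}} for each
    source with >= threshold failed SMB logins inside one sliding window."""
    recent = defaultdict(deque)   # source_ip -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 5:
            continue                          # skip blank or malformed lines
        stamp, src, user, service, result = fields
        if service.upper() != "SMB":
            continue                          # only SMB logins are of interest here
        when = datetime.fromisoformat(stamp)
        if result.upper() == "FAIL":
            q = recent[src]
            q.append((when, user))
            while when - q[0][0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    src, {"failures": 0, "users_tried": set(), "success_after": []})
                alert["failures"] = max(alert["failures"], len(q))
                alert["users_tried"].update(u for _, u in q)
        elif result.upper() == "OK" and src in alerts:
            # Success after a burst suggests a guessed password: review that account.
            alerts[src]["success_after"].append(user)
    return alerts

if __name__ == "__main__":
    for src, info in find_smb_bursts(SAMPLE_LOG).items():
        print(src, info)
```

An account listed under `success_after` should have its password changed and its recent file activity reviewed, in line with the credential checks QNAP recommends.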