What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
Advertise with us
RAIDON

Qnap Security Advisory QSA-22-21: Checkmate Ransomware Via SMB Services Exposed to Internet

Preliminary investigation indicates that Checkmate attacks via SMB services exposed to Internet, and employs dictionary attack to break accounts with weak passwords.

This is a Press Release edited by StorageNewsletter.com on July 19, 2022 at 2:01 pm

Qnap Systems Inc. had published a security advisory concerning the ransomware Checkmate and NAS SMB services exposed to the internet.

Release date: July 7, 2022
Security ID: QSA-22-21
Severity: Medium
Affected products: SMB services exposed to the internet
Status: Information

Summary
A new ransomware known as Checkmate has recently been brought to our attention. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name ‘!CHECKMATE_DECRYPTION_README’ in each folder.

The company is thoroughly investigating the case and will provide further information as soon as possible.

Recommendation
If the SMB service on your NAS is exposed to the internet, we strongly recommend taking the following actions:

  1. Do not expose SMB service to the internet.
    You can reduce NAS service exposure to the internet by using a VPN. For details, refer to this document.
  2. Disable SMB 1.
  3. Update your QNAP operating system to the latest version.
  4. Review all NAS accounts immediately to ensure all passwords are strong enough.
  5. Back up your data and take snapshots regularly.

Disabling SMB 1

  1. Log on to QTS, QuTS hero, or QuTScloud.
  2. Go to Control Panel > Network & File > Win/Mac/NFS/WebDAV > Microsoft Networking.
  3. Click Advanced Options.
    The     Advanced Options window opens.
  4. Next to Lowest SMB version, select SMB 2 or higher.
  5. Click Apply.

Updating QTS, QuTS hero, or QuTScloud

  1. Log on to QTS, QuTS hero or QuTScloud as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS, QuTS hero or QuTScloud downloads and installs the latest available update.

Tip: You can also download the update from the Qnap website. Go to Support > Download Center and then perform a manual update for your specific device.

Revision history: V1.0 (July 7, 2022) – Published

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E