ADVERTISEMENT

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks.

CheckMate ransomware campaign

Unsplash/Cybernews

Jurgita Lapienytė
Jurgita Lapienytė Chief Editor
May 11, 2023 Updated: 13 May 2023 4 min read

Gang linked to Russia

  • Financial loss
  • Data loss
  • Disruption of business operations
  • Reputation damage
  • Spread of malware
  • Legal and regulatory consequences
CheckMate transactions
ADVERTISEMENT

Why SMB?

Modus operandi

CheckMate cyber kill chain

Mitigation

  • Enable authentication to ensure that only authorized users can access the SMB share
  • Use strong passwords and enforce regular password changes to prevent unauthorized access
  • Encrypt data in transit to protect it from interception and unauthorized access. Use encryption protocols such as SMB encryption or SSL/TLS
  • Limit access to SMB shares to users and groups that are needed. Use access control lists (ACLs) to specify which users or groups can access the share and the level to access they have
  • Disable unused services and protocols to reduce the attack surface. For example, if you’re not using NetBios over TCP/IP, disable it
  • Keep the operating system and all software up to date with the latest security patches to protect against known vulnerabilities
  • Monitor SMB share activity
ADVERTISEMENT