"Russia-Affiliated CheckMate Ransomware Quietly Targets Popular File-Sharing Protocol"
The CheckMate ransomware group has targeted the Server Message Block (SMB) communication protocol to compromise their victims' networks. Cybernews researchers report that the group does not operate a data breach site, which is unusual for a ransomware campaign, given that many prominent gangs boast about targets and list them as victims on their data leak sites. This is done to increase the pressure on the victim to pay the demanded ransom. Recent research conducted by Cybernews has uncovered new CheckMate activity, revealing that the group has been actively targeting SMB shares with insufficient security. After gaining access to SMB shares, the malicious actors encrypt all files and demand payment in exchange for the decryption key. The ransomware group operates Kupidon, Mars, and CheckMate ransomware, all of which were discovered between 2021 and 2022. This article continues to discuss the CheckMate ransomware operators targeting the SMB communication protocol.