Checkmate Ransomware

The Checkmate Ransomware threat possesses the ability to completely lock its victims out of their own data. If executed successfully on the breached devices, the malware will proceed to target a wide range of file types, including any documents, PDFs, archives, databases, photos and more. Typically, ransomware threats utilize military-grade cryptographic algorithms to ensure that all locked files will be virtually impossible to restore without knowing the proper decryption keys. The affected data is then leveraged by the operators of the threat as a way to extort money from the victims. All files locked by the threat will be marked by having '.checkmate' added to their file names.

The instructions that the operators of the Checkmate Ransomware leave for their victims will be delivered to the infected systems as a text file named '!CHECKMATE_DECRYPTION_README.txt.' According to the message found inside the file, the hackers want to be paid a ransom of exactly $15, 000. However, the only accepted payment method is a transfer to the provided crypto-wallet address and the only accepted currency is Bitcoin. Before making the payment, victims of the threat are supposedly allowed to send up to 3 files that are no bigger than 15MB to the attackers. The note states that the files will be decrypted and returned for free.

The full ransom note of Checkmate Ransomware is:

'You was hacked by CHECKMATE team.
All your data has been encrypted, backups have been deleted.
Your unique ID:
You can restore the data by paying us money.
We have encrypted - office files.
We determine the amount of the ransom from the number of encrypted office files.
The cost of decryption is 15000 USD.
Payment is made to a unique bitcoin wallet.
Before paying, you will be able to make sure that we can actually decrypt your files.
For this:
1) Download and install Telegram Messenger hxxps://telegram.org/
2) Find us hxxps://t.me/checkmate_team
3) Send a message with your unique ID and 3 files for test decryption. Files should be no more than 15mb each.
4) In response, we will send the decrypted files and a bitcoin wallet for payment. Bitcoin wallet is unique for you, so we can find out what you paid.
5) After the payment is received, we will send you the key and the decryption program.'