[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- New here
- Posts: 3
- Joined: Mon Jul 10, 2017 2:36 pm
Re: [RANSOMWARE] Deadbolt
Hope someone can help me out, please?
Paid the 0.03 BTC ransom earlier today, and can't figure out how to get the decryption key from looking through the transactions.
bc1qp6tgylf3mltlvasvtswxsplgju5mq27rm8857c
Thank you!
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Your decryption key is: 57011ac198f35490f5dbf536e806d1e3
-
- New here
- Posts: 3
- Joined: Mon Jul 10, 2017 2:36 pm
Re: [RANSOMWARE] Deadbolt
Just popped it into the Deadbolt decryptor program by Emsisoft and it worked!
You are a bloody legend, OneCD!!
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
No worries mate. Looks like you saved a couple of hundred bucks too, as BTC is down at the moment.
-
- New here
- Posts: 3
- Joined: Mon Jul 10, 2017 2:36 pm
Re: [RANSOMWARE] Deadbolt
Too true! Can I buy you a beer? You've just helped save a small business in Australia.
And where did you find the decryption key info? If a magician never tells, I can live with that, but it might help others out there that decide to pay the ransom (as horrible as that is).
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
No, but please have one (or maybe two) for me.
Use https://www.blockchain.com for this.
- When you've loaded that site, use the search bar (near the top-right of the web-page) and copy-paste your specific ransomware bitcoin address into the search field, then push <enter>.
That will take you to this page: https://www.blockchain.com/btc/address/ ... q27rm8857c
- Scroll down to the "Transactions" section.
- There are presently 2 transactions with this hash. We're interested in the transaction for +0.00005460 BTC, as this is the amount the hackers pay to the same bitcoin address to provide your decryption key. So, click on the "Hash" value for that transaction: https://www.blockchain.com/btc/tx/cf42a ... d6af367b18
- Now, we're on a new page with the transaction details. Scroll down to the "Outputs" section - it's the last one on the page.
- Then find index 2 (OP_RETURN). The attached hexadecimal number is the decryption key.
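The lookup described in the post above, as an added example that is not part of the original post: it finds the OP_RETURN output in a transaction that also pays the 0.00005460 BTC marker amount to the ransom address, and returns the pushed data as hex. The dict layout (`outputs`, `address`, `value_sat`, `script_hex`) is a hypothetical shape rather than any block explorer's API format, the scripts for outputs 0 and 1 are constructed placeholders, and the 16-byte key length is inferred from the key posted earlier in the thread.

```python
OP_RETURN = 0x6A     # script opcode marking an unspendable data output
OP_PUSHDATA1 = 0x4C  # next byte holds the push length
RANSOM_ADDRESS = "bc1qp6tgylf3mltlvasvtswxsplgju5mq27rm8857c"  # from the thread
KEY_LEN = 16         # assumption: 32 hex digits, as in the key posted above

# Constructed sample transaction (hypothetical layout, placeholder scripts).
SAMPLE_TX = {"outputs": [
    {"address": RANSOM_ADDRESS, "value_sat": 5460, "script_hex": "0014" + "00" * 20},
    {"address": "constructed-change-address", "value_sat": 100000,
     "script_hex": "0014" + "11" * 20},
    {"address": None, "value_sat": 0,
     "script_hex": "6a10" + "57011ac198f35490f5dbf536e806d1e3"},
]}


def op_return_payload(script_hex):
    """Return the bytes pushed by a single-push OP_RETURN script, else None."""
    script = bytes.fromhex(script_hex)
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    opcode = script[1]
    if 0x01 <= opcode <= 0x4B:            # opcode itself is the push length
        start, length = 2, opcode
    elif opcode == OP_PUSHDATA1 and len(script) >= 3:
        start, length = 3, script[2]
    else:
        return None
    payload = script[start:start + length]
    # Reject truncated scripts and scripts with bytes after the push.
    if len(payload) != length or start + length != len(script):
        return None
    return payload


def find_key(tx, ransom_address, marker_sat=5460):
    """Return the key as hex if tx pays the marker amount to ransom_address."""
    outputs = tx["outputs"]
    pays_marker = any(
        o.get("address") == ransom_address and o["value_sat"] == marker_sat
        for o in outputs
    )
    if not pays_marker:
        return None  # not the key-delivery transaction described in the post
    for o in outputs:
        data = op_return_payload(o["script_hex"])
        if data is not None and len(data) == KEY_LEN:
            return data.hex()
    return None
```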
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] Deadbolt
The lessons that you hopefully learnt from this experience are that you:
- Never expose the Qnap directly on the internet again.
- Always do regular backups to external storage with at least one stored at another site.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- First post
- Posts: 1
- Joined: Wed May 18, 2022 6:17 pm
Re: [RANSOMWARE] Deadbolt
Hello All, please help ...
our NAS got hit by ransomware-deadbolt, cannot avoid to pay ransom 0.03BTC.
while trying to do the payment, got the "error" sign that said the bitcoin given address is wrong.
the given btc-add: bc1q7nn53642uxtqhkse7yhdj46e7hvqvm21dg4wxs
is there any way to check the correct address?
hopefully can get some help from you guys ...
-
- First post
- Posts: 1
- Joined: Wed May 18, 2022 8:53 pm
Re: [RANSOMWARE] Deadbolt
QNAP strikes again. It dropped the page with instructions on how to restore the ransom page - and they didn't respond to my open ticket. Finally scraped together the funds to pay the ransom, and now we can't get to the ransom page. Thanks to those who have provided instructions through this 65 page thread (pain in the arse going through to find what you're looking for) - hoping that works.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] Deadbolt
please check the first page of this topic for an answer to your issue
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Can you please post a screenshot of the ransomware screen? I'd like to confirm the address you were given.
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Agree, looks like QNAP have been retooling their support system and the original article has been lost.
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Found a cached copy of the page: https://webcache.googleusercontent.com/ ... clnk&gl=au
Grab it while you can.
-
- Experience counts
- Posts: 1822
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
QNAP Bulletin https://www.qnap.com/en/security-news/2 ... le-version
2022-05-19
Take Immediate Actions to Secure QNAP NAS, and Update QTS to the latest available version.
security
Taipei, Taiwan, May 19, 2022 - QNAP® Systems, Inc. recently detected a new attack by the DEADBOLT Ransomware. According to the investigation by the QNAP Product Security Incident Response Team (QNAP PSIRT), the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet.
About QNAP Systems, Inc.
QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduce a revolutionary Cloud NAS solution that joins our cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.
Media Contacts
marketing@qnap.com
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]