[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- First post
- Posts: 1
- Joined: Sun Aug 07, 2022 4:25 pm
Re: [RANSOMWARE] Deadbolt
My QNAP, Dropbox and OneDrive got infected with the Deadbolt ransomware on 29/7. Lesson: never back up your OneDrive to the QNAP NAS. Yesterday I decided to pay the 0,05BC and found the key. I used the Emsisoft decrypter and the Deadbolt decrypter. Both worked fine. Many thanks to all the people on this platform and especially to OneCD for the manual to find the OP_return code. It seems the hackers automated this process during their downtime since the code was available directly after transferring the bitcoins. Good luck to all of you still struggling.
Furthermore, I saw the Emsisoft tool was downloaded 17k times...17.000 x €1000 plus all the other tools used....I guess some people are looking for a new yacht now.
KR
Mark
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: [RANSOMWARE] Deadbolt
No that can't be the lesson. If you backup from Onedrive to the Qnap, Onedrive should still have your original files untouched.
The idea with a backup copy is that either the source data or the backup destination could be lost/corrupted/whatever but the other one will always be okay.
The most important lesson to learn is to stop having the Qnap reachable from the internet. The second lesson is to get a robust backup strategy that protects the data from any threat, not only ransomware.
"Furthermore, I saw the Emsisoft tool was downloaded 17k times...17.000 x €1000 plus all the other tools used....I guess some people are looking for a new yacht now."
Part of it is invested in intensifying the search for new vulnerabilities in internet exposed Qnaps and other NASes. Successful criminals are unlikely to quit but will of course come back for more. As long as people expose their NASes and pay the ransom, the ransomware threat will only get worse.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
- New here
- Posts: 3
- Joined: Tue Aug 09, 2022 2:45 pm
Re: [RANSOMWARE] Deadbolt
Hi everybody. I can't figure out my key. I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key. Could some kind soul help me, please!? Thanks!!!!!
- OneCD
- Guru
- Posts: 12147
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Barbreaker wrote: ↑Tue Aug 09, 2022 2:53 pm
I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key.

Your decryption key is: 97695effc10fdc7e62e1a0322fc40ae9
-
- New here
- Posts: 3
- Joined: Tue Aug 09, 2022 2:45 pm
Re: [RANSOMWARE] Deadbolt
Barbreaker wrote: ↑Tue Aug 09, 2022 2:53 pm
I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key.
OneCD wrote: ↑Tue Aug 09, 2022 2:56 pm
Your decryption key is: 97695effc10fdc7e62e1a0322fc40ae9

Thank you very much!!! It said that the key is correct but when I hit "Decrypt Files" it looks like nothing happens? How can I tell if it's working or is there anything else to do?
- OneCD
- Guru
- Posts: 12147
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Barbreaker wrote: ↑Tue Aug 09, 2022 3:34 pm
It said that the key is correct but when I hit "Decrypt Files" it looks like nothing happens? How can I tell if it's working or is there anything else to do?

Hope this helps: https://www.qnap.com/en/how-to/faq/arti ... hould-i-do
-
- New here
- Posts: 3
- Joined: Tue Aug 09, 2022 2:45 pm
Re: [RANSOMWARE] Deadbolt
Just started with the EMSISOFT Decrypter. It takes a while till it starts decrypting - but it's working fine. First files are recovered
Thanks again for your help!
-
- New here
- Posts: 7
- Joined: Thu Jul 28, 2022 5:46 am
Re: [RANSOMWARE] Deadbolt
Ransom of 0.05 BTC was paid at bc1q8jvrqkpkdf6ermhcjvywgtvqkkr25t5dyw80sm.
I didn’t expect it but the app took 0.0006BTC fee. I am BTC-dumb so had to create a wallet account and transfers, in a hurry, just for this event.
The amount received on the other end was 0,0494BTC.
No OP_Return yet, but since I just did the transfer I should wait 24-48h.
My question: will the fee be a problem? Or is this common among newbies and they will probably deliver the key?
Thank you so much, I imagine the forum is run by volunteers. I have a deep thought for you all, answering over and over our questions! You sure got my respect! In this story, it is clear who gets the good and who gets the bad karma.
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] Deadbolt
Wait a couple of days and see...only the criminals would know if they have a threshold (unknown if processing of the ransom keys is automated or manual)
-
- Experience counts
- Posts: 1814
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
I'm pretty sure that (fee) was previously covered in this thread. As the process is (or could be) automated, and based on the posts of others, I wouldn't be surprised if you will end up having to pay the difference in order to get a decryption key. Nobody knows for sure, but that seems to be the trend. You are dealing with criminals after all and have no way to communicate with them. However, as I recall, some of the reports were due to the original ransom amount of 0.03 vs the newer ransom of 0.05 so you may get "lucky". Good luck, hope you will consider a backup in the future.
It makes me very sad to read about people paying to support criminal activity when a backup would be cheaper and not funding the next wave of attacks. A backup also protects you against a whole range of other situations.....
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- First post
- Posts: 1
- Joined: Thu Aug 11, 2022 6:17 pm
Re: [RANSOMWARE] Deadbolt
Hello all, we are having trouble: we have a QNAP server which has been attacked by some hackers and is showing an error of Deadbolt. The hackers are asking for big money; is there any other solution to resolve the issue?
If anyone could help, it would be very helpful.
-
- New here
- Posts: 3
- Joined: Tue Dec 17, 2013 12:10 am
Re: [RANSOMWARE] Deadbolt
I have been trying to use photorec and qrescue.sh.
QNAP support are telling me the qrescue.sh is not compatible with DEADBOLT because "Deadbolt does not delete the files".
Has anyone successfully recovered any Deadbolt files using the photorec/qrescue.sh approach?
-
- Experience counts
- Posts: 1814
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
mashlalani wrote: ↑Thu Aug 11, 2022 6:46 pm
Hello all, we are having trouble: we have a QNAP server which has been attacked by some hackers and is showing an error of Deadbolt. The hackers are asking for big money; is there any other solution to resolve the issue?
If anyone could help, it would be very helpful.

Please read the very first post in this thread. Your backup or the ransom are your options at this time.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- Experience counts
- Posts: 1814
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
Already covered in this thread if you read it (starting with post #1).
Photorec is for QLocker and has had zero reported success with Deadbolt. Recovery from your backup or paying the ransom are your options at this time.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- New here
- Posts: 7
- Joined: Thu Jul 28, 2022 5:46 am
Re: [RANSOMWARE] Deadbolt
Ok, I hope the hardest steps are over. I finally got the key! (I had to add the missing fee amount, and the OP_RETURN appeared in a minute)
About the back up advice, we all got it, at this point.
Depending on the files that got stolen, the amount of feelings can be very overwhelming: anger, shame, guilt, regret, etc.
Even if in the end those who give the advice are right, it can be very hard to take when you are in the middle of dealing with all this sh*t.
Same for reminding us that criminals are behind this, and our money will just feed them… We all know it, and it hurts, but if we do it, it’s because we are out of options.
Repeating how dumb we are for not having made backups is not helping anyone. In that situation, we look for the solutions.
For myself, I am far from being the network administrator for a big company…It is not my profession. I am a freelancer in arts, working very hard to keep my business rolling. I can’t be perfect and know everything about every computer device I use.
So please, when someone is caught in the middle of this, try not to shame or guilt that person.
And I do think QNAP’s response is weak and disappointing, to say the least.
In all cases, thank you so much for your time!