[RANSOMWARE] >>READ 1st Post<< Deadbolt

MarkSn
First post
Posts: 1
Joined: Sun Aug 07, 2022 4:25 pm

Re: [RANSOMWARE] Deadbolt

Post by MarkSn »

My QNAP, Dropbox and OneDrive got infected with the Deadbolt ransomware on 29/7. Lesson: never back up your OneDrive to the QNAP NAS. Yesterday I decided to pay the 0,05 BTC and found the key. I used the Emsisoft decrypter and the Deadbolt decrypter. Both worked fine. Many thanks to all the people on this platform and especially to OneCD for the manual to find the OP_return code. It seems the hackers automated this process during their downtime since the code was available directly after transferring the bitcoins. Good luck to all of you still struggling.

Furthermore, I saw the Emsisoft tool was downloaded 17k times...17.000 x €1000 plus all the other tools used....I guess some people are looking for a new yacht now.

KR
Mark
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: [RANSOMWARE] Deadbolt

Post by P3R »

MarkSn wrote: Sun Aug 07, 2022 4:34 pm My QNAP, Dropbox and OneDrive got infected with the Deadbolt ransomware on 29/7. Lesson: never back up your OneDrive to the QNAP NAS.
No, that can't be the lesson. If you back up from OneDrive to the QNAP, OneDrive should still have your original files untouched.

The idea with a backup copy is that either the source data or the backup destination could be lost/corrupted/whatever but the other one will always be okay.

The most important lesson to learn is to stop having the QNAP reachable from the internet. The second lesson is to get a robust backup strategy that protects the data from any threat, not only ransomware.
MarkSn wrote: Furthermore, I saw the Emsisoft tool was downloaded 17k times...17.000 x €1000 plus all the other tools used....I guess some people are looking for a new yacht now.
Part of it is invested in intensifying the search for new vulnerabilities in internet exposed Qnaps and other NASes. Successful criminals are unlikely to quit but will of course come back for more. As long as people expose their NASes and pay the ransom, the ransomware threat will only get worse.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Barbreaker
New here
Posts: 3
Joined: Tue Aug 09, 2022 2:45 pm

Re: [RANSOMWARE] Deadbolt

Post by Barbreaker »

Hi everybody. I can't figure out my key. I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key. Could some kind soul help me, please!? Thanks!!!!!
OneCD
Guru
Posts: 12136
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

Barbreaker wrote: Tue Aug 09, 2022 2:53 pm I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key.
Your decryption key is: 97695effc10fdc7e62e1a0322fc40ae9

Barbreaker
New here
Posts: 3
Joined: Tue Aug 09, 2022 2:45 pm

Re: [RANSOMWARE] Deadbolt

Post by Barbreaker »

OneCD wrote: Tue Aug 09, 2022 2:56 pm
Barbreaker wrote: Tue Aug 09, 2022 2:53 pm I paid to bc1q5pe2akjh4fvmrteqk2lz85stsezf0fwds5wzk9 and can't find the key.
Your decryption key is: 97695effc10fdc7e62e1a0322fc40ae9
Thank you very much!!! It said that the key is correct but when I hit "Decrypt Files" it looks like nothing happens? How can I tell if it's working or is there anything else to do?
OneCD
Guru
Posts: 12136
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

Barbreaker wrote: Tue Aug 09, 2022 3:34 pm It said that the key is correct but when I hit "Decrypt Files" it looks like nothing happens? How can I tell if it's working or is there anything else to do?
Hope this helps: https://www.qnap.com/en/how-to/faq/arti ... hould-i-do

Barbreaker
New here
Posts: 3
Joined: Tue Aug 09, 2022 2:45 pm

Re: [RANSOMWARE] Deadbolt

Post by Barbreaker »

Just started with the EMSISOFT Decrypter. It takes a while till it starts decrypting - but it's working fine. First files are recovered :-)
Thanks again for your help!
tomaii
New here
Posts: 7
Joined: Thu Jul 28, 2022 5:46 am

Re: [RANSOMWARE] Deadbolt

Post by tomaii »

Ransom of 0.05 BTC was paid at bc1q8jvrqkpkdf6ermhcjvywgtvqkkr25t5dyw80sm.

I didn’t expect it but the app took 0.0006BTC fee. I am BTC-dumb so had to create a wallet account and transfers, in a hurry, just for this event.

The amount received on the other end was 0,0494BTC.

No OP_Return yet, but since I just did the transfer I should wait 24-48h.

My question: will the fee be a problem? Or is this common among newbies and they will probably deliver the key?

Thank you so much, I imagine the forum is run by volunteers. I have a deep thought for you all, answering over and over our questions! You sure got my respect! In this story, it is clear who gets the good and who gets the bad karma.
dolbyman
Guru
Posts: 35215
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] Deadbolt

Post by dolbyman »

Wait a couple of days and see... only the criminals would know if they have a threshold (unknown if processing of the ransom keys is automated or manual).
dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

tomaii wrote: Thu Aug 11, 2022 7:44 am I didn’t expect it but the app took 0.0006BTC fee. I am BTC-dumb so had to create a wallet account and transfers, in a hurry, just for this event.
The amount received on the other end was 0,0494BTC.
I'm pretty sure that (fee) was previously covered in this thread. As the process is (or could be) automated, and based on the posts of others, I wouldn't be surprised if you will end up having to pay the difference in order to get a decryption key. Nobody knows for sure, but that seems to be the trend. You are dealing with criminals after all and have no way to communicate with them. However, as I recall, some of the reports were due to the original ransom amount of 0.03 vs the newer ransom of 0.05 so you may get "lucky". Good luck, hope you will consider a backup in the future.

It makes me very sad to read about people paying to support criminal activity when a backup would be cheaper and not funding the next wave of attacks. A backup also protects you against a whole range of other situations.....
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
mashlalani
First post
Posts: 1
Joined: Thu Aug 11, 2022 6:17 pm

Re: [RANSOMWARE] Deadbolt

Post by mashlalani »

Hello all, we are having trouble: we have a QNAP server which has been attacked by some hackers and is showing an error of Deadbolt. The hackers are asking for big money; is there any other solution to resolve the issue?
If anyone could help, it would be very helpful.
george14
New here
Posts: 3
Joined: Tue Dec 17, 2013 12:10 am

Re: [RANSOMWARE] Deadbolt

Post by george14 »

I have been trying to use photorec and qrescue.sh.
QNAP support are telling me the qrescue.sh is not compatible with DEADBOLT because "Deadbolt does not delete the files".

Has anyone successfully recovered any Deadbolt files using the photorec/qrescue.sh approach?
dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

mashlalani wrote: Thu Aug 11, 2022 6:46 pm Hello all, we are having trouble: we have a QNAP server which has been attacked by some hackers and is showing an error of Deadbolt. The hackers are asking for big money; is there any other solution to resolve the issue?
If anyone could help, it would be very helpful.
Please read the very first post in this thread. Your backup or the ransom are your options at this time.
dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

george14 wrote: Thu Aug 11, 2022 7:48 pm Has anyone successfully recovered any Deadbolt files using the photorec/qrescue.sh approach?
Already covered in this thread if you read it (starting with post #1).

Photorec is for QLocker and has had zero reported success with Deadbolt. Recovery from your backup or paying the ransom are your options at this time.
tomaii
New here
Posts: 7
Joined: Thu Jul 28, 2022 5:46 am

Re: [RANSOMWARE] Deadbolt

Post by tomaii »

dosborne wrote: Thu Aug 11, 2022 9:00 am It makes me very sad to read about people paying to support criminal activity when a backup would be cheaper and not funding the next wave of attacks. A backup also protects you against a whole range of other situations.....
Ok, I hope the hardest steps are over. I finally got the key! (I had to add the missing fee amount, and the OP_Return appeared in a minute)

About the back up advice, we all got it, at this point.

Depending on the files that got stolen, the amount of feelings can be very overwhelming: anger, shame, guilt, regret, etc.

Even if in the end those who give the advice are right, it can be very hard to take when you are in the middle of dealing with all this sh*t.

Same for reminding us that criminals are behind this, and our money will just feed them… We all know it, and it hurts, but if we do it, it’s because we are out of options.

Repeating how dumb we are for not having made backups is not helping anyone. In that situation, we look for the solutions.

For myself, I am far from being the network administrator for a big company…It is not my profession. I am a freelancer in arts, working very hard to keep my business rolling. I can’t be perfect and know everything about every computer device I use.

So please, when someone is caught in the middle of this, try not to shame or guilt that person.

And I do think QNAP’s response is weak and disappointing, to say the least.

In all cases, thank you so much for your time!
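
Added example (not part of any post in this thread, and not QNAP or Emsisoft code): several posts above mention waiting for an OP_RETURN to appear, so this sketch shows how the data carried by an OP_RETURN output script is decoded and screened for a key-sized value during recovery. The 16-byte length is an assumption taken from the 32-hex-character key format quoted in the thread, and the scripts in `SAMPLE_OUTPUTS` are constructed, not real transaction data.

```python
from typing import List, Optional

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D
KEY_LEN = 16  # assumption: 32 hex characters, the key format quoted in the thread


def op_return_payload(script_hex: str) -> Optional[bytes]:
    """Return the bytes pushed after OP_RETURN, or None when the script is
    not a single-push OP_RETURN output or is malformed."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    opcode = script[1]
    if 1 <= opcode <= 0x4B:              # direct push: the opcode is the length
        length, pos = opcode, 2
    elif opcode == OP_PUSHDATA1:         # one length byte follows
        if len(script) < 3:
            return None
        length, pos = script[2], 3
    elif opcode == OP_PUSHDATA2:         # two length bytes, little-endian
        if len(script) < 4:
            return None
        length, pos = int.from_bytes(script[2:4], "little"), 4
    else:
        return None
    # Reject truncated pushes and scripts with trailing bytes.
    if pos + length != len(script):
        return None
    return script[pos:]


def candidate_keys(output_scripts: List[str]) -> List[str]:
    """Hex of every OP_RETURN payload that is exactly KEY_LEN bytes long."""
    payloads = (op_return_payload(s) for s in output_scripts)
    return [p.hex() for p in payloads if p is not None and len(p) == KEY_LEN]


# Constructed output scripts of one hypothetical transaction.
SAMPLE_OUTPUTS = [
    "0014" + "ab" * 20,                         # ordinary payment output, no data
    "6a0b" + "68656c6c6f20776f726c64",          # 11-byte note, wrong length
    "6a10" + "00112233445566778899aabbccddeeff",  # 16-byte payload
]

if __name__ == "__main__":
    print(candidate_keys(SAMPLE_OUTPUTS))
```

A payload of the right length is only a candidate; the decrypter's own key check, as described in the posts above, is what confirms it.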