[RANSOMWARE] >>READ 1st Post<< Deadbolt

OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

atlantis2000 wrote: Fri Aug 19, 2022 9:33 am Greetings...I am about to pay the ransom. Just want to make sure the hackers have been giving out keys RECENTLY. Please advise. Thanks.
There are no guarantees, but the hackers posted a decryption key as recently as 15 hours ago.

If you keep an eye on this address, each low-value outgoing payment is to the same address each ransomware victim paid-into. The outgoing payment is used to provide the victim with their decryption key.

At present, there appear to be fairly continuous outgoings, but they are reactionary: i.e. based-on victim payments. If no-one else paid the ransom amount, I expect the outgoings would stop too.
atlantis2000 wrote: Fri Aug 19, 2022 9:46 am Also, what are the steps for making the payment via blockchain.com? Thanks.
Sorry, can't help there. I've neither bought nor sold any of the crypto-currencies. Maybe one-day I will, but I'm still waiting to see if it's just a fad that dies-out. ;)

Maybe someone else can advise?

dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

atlantis2000 wrote: Fri Aug 19, 2022 9:46 am Also, what are the steps for making the payment via blockchain.com? Thanks.
You should start by carefully reading post #1 in this thread. viewtopic.php?f=45&t=164797#p808527

In there, you will find lots of important information including a link to a user's detailed story of what they did. The same process should work with other exchanges.

viewtopic.php?p=810191#p810191
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

OneCD wrote: Fri Aug 19, 2022 2:45 pm
atlantis2000 wrote: Fri Aug 19, 2022 9:33 am Greetings...I am about to pay the ransom. Just want to make sure the hackers have been giving out keys RECENTLY. Please advise. Thanks.
There are no guarantees, but the hackers posted a decryption key as recently as 15 hours ago.

If you keep an eye on this address, each low-value outgoing payment is to the same address each ransomware victim paid-into. The outgoing payment is used to provide the victim with their decryption key.

At present, there appear to be fairly continuous outgoings, but they are reactionary: i.e. based-on victim payments. If no-one else paid the ransom amount, I expect the outgoings would stop too.
atlantis2000 wrote: Fri Aug 19, 2022 9:46 am Also, what are the steps for making the payment via blockchain.com? Thanks.
Sorry, can't help there. I've neither bought nor sold any of the crypto-currencies. Maybe one-day I will, but I'm still waiting to see if it's just a fad that dies-out. ;)

Maybe someone else can advise?
@OneCD , you've helped so many of us. You are the best....I will go ahead and make payment and I know I will need your help finding the decryption key...
QUESTION: the address on that blockchain webpage is DIFFERENT from the one I have to send the payment to...how is that possible? Does that make sense? (Let me know if I need to clarify my question.) Thank you in advance for your help!!!!!!
dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

atlantis2000 wrote: Fri Aug 19, 2022 8:47 pm ....I will go ahead I know I will need your help finding the decryption key...
Instructions on how to get your key have been posted many times. No need for help, just follow the directions.
viewtopic.php?p=818604#p818604
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

dosborne wrote: Fri Aug 19, 2022 9:01 pm
atlantis2000 wrote: Fri Aug 19, 2022 8:47 pm ....I will go ahead I know I will need your help finding the decryption key...
Instructions on how to get your key have been posted many times. No need for help, just follow the directions.
viewtopic.php?p=818604#p818604
@dosborne ..thank you...the address I need to send payment to is 41 characters long,... is that how long these addresses are???
dosborne
Experience counts
Posts: 1811
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] Deadbolt

Post by dosborne »

There are many examples in this thread so you can do your own comparison :)

One example of many viewtopic.php?f=45&t=164797&start=1230#p824014
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
Geraud W
New here
Posts: 5
Joined: Tue Aug 16, 2022 2:28 am

Re: [RANSOMWARE] Deadbolt

Post by Geraud W »

OneCD wrote: Fri Jul 22, 2022 10:00 am
kkvaws wrote: Fri Jul 22, 2022 9:56 am Hey OneCD

How were you able to get the decryption key? I looked at blockchain and could not find OPT_RETURN for that transaction.
The OP_RETURN we need is posted under the hacker’s follow-up payment of +0.00005460 BTC into the same BTC address the victim pays into.

So, if we have the victim’s payment transaction hash, we need to check for other transactions on the address they paid into. This is how I found the decryption key. ;)
--
OneCD, I didn't find my BTC address to pay. Probably the update of the NAS firmware deleted it.
We can imagine with some info of my nas, that the ransomer could give me the BTC address, no?
atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

atlantis2000 wrote: Fri Aug 19, 2022 8:47 pm
OneCD wrote: Fri Aug 19, 2022 2:45 pm
atlantis2000 wrote: Fri Aug 19, 2022 9:33 am Greetings...I am about to pay the ransom. Just want to make sure the hackers have been giving out keys RECENTLY. Please advise. Thanks.
There are no guarantees, but the hackers posted a decryption key as recently as 15 hours ago.

If you keep an eye on this address, each low-value outgoing payment is to the same address each ransomware victim paid-into. The outgoing payment is used to provide the victim with their decryption key.

At present, there appear to be fairly continuous outgoings, but they are reactionary: i.e. based-on victim payments. If no-one else paid the ransom amount, I expect the outgoings would stop too.
atlantis2000 wrote: Fri Aug 19, 2022 9:46 am Also, what are the steps for making the payment via blockchain.com? Thanks.
Sorry, can't help there. I've neither bought nor sold any of the crypto-currencies. Maybe one-day I will, but I'm still waiting to see if it's just a fad that dies-out. ;)

Maybe someone else can advise?
@OneCD , you've helped so many of us. You are the best....I will go ahead and make payment and I know I will need your help finding the decryption key...
QUESTION: the address on that blockchain webpage is DIFFERENT from the one I have to send the payment to...how is that possible? Does that make sense? (Let me know if I need to clarify my question.) Thank you in advance for your help!!!!!!

@OneCD
ARGH!!! Looks like I don't have enough funds in my account by a very very small amount. I need to pay 0.05 and my account has 0.04999....ARGH!!! now I have to wait and deposit from my bank which will take 3 biz days...ARGH!
OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

atlantis2000 wrote: Fri Aug 19, 2022 8:47 pm QUESTION: the address on that blockchain webpage is DIFFERENT from the one I have to send the payment to...how is that possible? Does that make sense?
Correct, each victim pays their ransom to a different BTC address. However, all decryption keys (so-far) originate from the same address. ;)

OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

Geraud W wrote: Fri Aug 19, 2022 11:28 pm OneCD, I didn't find my BTC address to pay. Probably the update of the NAS firmware deleted it.
We can imagine with some info of my nas, that the ransomer could give me the BTC address, no?
No, I don't think that'll work.

This is just speculation based on the posts I've read: the ransomware is run as a "live" (realtime) attack and there's nothing particularly special (or identifying) about each person’s NAS. So, the attack server could quite-easily encrypt userdata with a randomly generated key, which also creates a BTC address on-the-fly to suit that key. It would mean there's no-way to determine the encryption key used on a specific user's NAS. Even the hackers couldn't tell.

There's also no-way to communicate with the hackers to verify this. :(

OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] Deadbolt

Post by OneCD »

atlantis2000 wrote: Sat Aug 20, 2022 1:28 am ARGH!!! Looks like I don't have enough funds in my account by a very very small amount. I need to pay 0.05 and my account has 0.04999....ARGH!!! now I have to wait and deposit from my bank which will take 3 biz days...ARGH!
Use this time to design a regular backup schedule for your NAS data. These backups should be onto external storage (USB drives, another NAS, cloud, etc...), but not into the same NAS. ;)

atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

OneCD wrote: Sat Aug 20, 2022 2:39 am
atlantis2000 wrote: Sat Aug 20, 2022 1:28 am ARGH!!! Looks like I don't have enough funds in my account by a very very small amount. I need to pay 0.05 and my account has 0.04999....ARGH!!! now I have to wait and deposit from my bank which will take 3 biz days...ARGH!
Use this time to design a regular backup schedule for your NAS data. These backups should be onto external storage (USB drives, another NAS, cloud, etc...), but not into the same NAS. ;)

BTC went down quite a bit today and was able to squeeze in my amount by 67 cents !!! LOL :DD
Made the payment and now waiting for the key (praying)
atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

atlantis2000 wrote: Sat Aug 20, 2022 4:59 am
OneCD wrote: Sat Aug 20, 2022 2:39 am
atlantis2000 wrote: Sat Aug 20, 2022 1:28 am ARGH!!! Looks like I don't have enough funds in my account by a very very small amount. I need to pay 0.05 and my account has 0.04999....ARGH!!! now I have to wait and deposit from my bank which will take 3 biz days...ARGH!
Use this time to design a regular backup schedule for your NAS data. These backups should be onto external storage (USB drives, another NAS, cloud, etc...), but not into the same NAS. ;)

BTC went down quite a bit today and was able to squeeze in my amount by 67 cents !!! LOL :DD
Made the payment and now waiting for the key (praying)
@OneCD
I just want to make sure I am using the correct key...my payment was made to: bc1qf3844gkm0sqphhf3qyqf3qg0ky034gckca82tu
I used the steps on the blockchain website. Can you double check for me please. What is my key?
Thank you !!!!
dolbyman
Guru
Posts: 35243
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] Deadbolt

Post by dolbyman »

I think your key is

a798b65ff606c34e65460ad22d600e29

https://www.blockchain.com/btc/tx/5c23d ... f198093c24
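
The lookup OneCD describes earlier in the thread (find the follow-up payment of 0.00005460 BTC into the address the victim paid, then read that transaction's OP_RETURN), as an added example that is not part of any post. It assumes the key is a 16-byte payload shown as 32 hex characters; the record layout, `ADDR` and `SAMPLE` are constructed for illustration and do not match any real explorer API.

```python
import re

FOLLOW_UP_SAT = 5460  # 0.00005460 BTC, the follow-up amount quoted in the thread
KEY_RE = re.compile(r"[0-9a-f]{32}")  # assumption: a key is 32 hex characters


def op_return_payload(script_hex):
    """Return the bytes pushed by an OP_RETURN output script, else None."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if len(script) < 2 or script[0] != 0x6A:  # 0x6a is OP_RETURN
        return None
    op, body = script[1], script[2:]
    if op == 0x4C and body:                   # OP_PUSHDATA1: length in next byte
        op, body = body[0], body[1:]
    elif not 0x01 <= op <= 0x4B:              # otherwise must be a direct push
        return None
    return body[:op] if len(body) >= op else None


def key_candidates(transactions, paid_address):
    """Return [(txid, key_hex)] from follow-up payments into paid_address."""
    found = []
    for tx in transactions:
        outputs = tx["outputs"]
        if not any(o.get("address") == paid_address
                   and o.get("value_sat") == FOLLOW_UP_SAT for o in outputs):
            continue  # not the low-value follow-up payment
        for o in outputs:
            data = op_return_payload(o.get("script_hex", ""))
            if data is not None and KEY_RE.fullmatch(data.hex()):
                found.append((tx["txid"], data.hex()))
    return found


# Constructed sample data (not real transactions); the layout is hypothetical.
ADDR = "bc1q-constructed-victim-address"
SAMPLE = [
    {"txid": "tx-victim-payment", "outputs": [
        {"address": ADDR, "value_sat": 5000000, "script_hex": "0014" + "11" * 20}]},
    {"txid": "tx-follow-up", "outputs": [
        {"address": ADDR, "value_sat": 5460, "script_hex": "0014" + "11" * 20},
        {"value_sat": 0, "script_hex": "6a10" + "00112233445566778899aabbccddeeff"}]},
]

if __name__ == "__main__":
    print(key_candidates(SAMPLE, ADDR))
```

A string starting with `bc1` is a payment address and never matches `KEY_RE`; only the OP_RETURN payload does.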
atlantis2000
Starting out
Posts: 11
Joined: Fri Oct 19, 2018 8:19 pm

Re: [RANSOMWARE] Deadbolt

Post by atlantis2000 »

dolbyman wrote: Sat Aug 20, 2022 5:54 am I think your key is

a798b65ff606c34e65460ad22d600e29

https://www.blockchain.com/btc/tx/5c23d ... f198093c24

Now I am confused. I thought my key was:
bc1qh6pku7gg2d6pw87z3t4f6d4rk6c48ajvsmfjjl