> atlantis2000 wrote: ↑Sat Aug 20, 2022 5:47 am
> @OneCD
> I just want to make sure I am using the correct key...my payment was made to: bc1qf3844gkm0sqphhf3qyqf3qg0ky034gckca82tu
> I used the steps on the blockchain website. Can you double check for me please. What is my key?

Your decryption key is: 69b0a606e8b8bdcaad9d5717d35e9e51
[RANSOMWARE] >>READ 1st Post<< Deadbolt
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
Last edited by OneCD on Sat Aug 20, 2022 12:37 pm, edited 1 time in total.
Reason: fixed key
- dolbyman
- Guru
- Posts: 35246
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] Deadbolt
No, that is the payment wallet address; the key is in an OP_Return on that wallet address (as I posted)
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [RANSOMWARE] Deadbolt
> atlantis2000 wrote: ↑Sat Aug 20, 2022 6:01 am
> Now I am confused. I thought my key was:
> bc1qh6pku7gg2d6pw87z3t4f6d4rk6c48ajvsmfjjl

Yes, you are.
The unique OP_RETURN value is what is used as the unique decryption key for each NAS that has been compromised.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- Starting out
- Posts: 11
- Joined: Fri Oct 19, 2018 8:19 pm
Re: [RANSOMWARE] Deadbolt
> OneCD wrote: ↑Sat Aug 20, 2022 6:08 am
> > atlantis2000 wrote: ↑Sat Aug 20, 2022 5:47 am
> > @OneCD
> > I just want to make sure I am using the correct key...my payment was made to: bc1qf3844gkm0sqphhf3qyqf3qg0ky034gckca82tu
> > I used the steps on the blockchain website. Can you double check for me please. What is my key?
>
> Your decryption key is: 69b0a606e8b8bdcaad9d5717d35e9e5

@OneCD
When I looked through the webpage: https://www.blockchain.com/btc/tx/ee695 ... e2a401acbb
And scroll to the bottom, after OP_RETURN
69b0a606e8b8bdcaad9d5717d35e9e51
NOTE: there is a "1" at the end; is that correct? because initially you wrote: 69b0a606e8b8bdcaad9d5717d35e9e5
Which one is correct?
Thank you!!
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] Deadbolt
> atlantis2000 wrote: ↑Sat Aug 20, 2022 12:26 pm
> NOTE: there is a "1" at the end; is that correct? because initially you wrote: 69b0a606e8b8bdcaad9d5717d35e9e5
> Which one is correct?
> Thank you!!

Oops, copypaste error.
Yes, it ends in a 1.
So, the correct key is: 69b0a606e8b8bdcaad9d5717d35e9e51
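
Both mix-ups in the exchange above (a payment address taken for the key, and a key pasted one character short) can be caught before a value is entered. The following is an added example, not code from any poster or from QNAP; it assumes the key is 32 hex characters, as in the key confirmed above, that the OP_RETURN output uses a single direct push, and it does not verify the address checksum. The script hex is constructed from the key quoted in the thread.

```python
import re

BECH32_CHARSET = set("qpzry9x8gf2tvdw0s3jn54khce6mua7l")
KEY_HEX_LEN = 32  # assumption: 16-byte key, matching the key quoted in the thread


def classify(candidate: str) -> str:
    """Tell a bc1 payment address apart from a hex key of the expected length."""
    s = candidate.strip().lower()
    # Mainnet segwit addresses are 42 or 62 characters; checksum not verified here.
    if s.startswith("bc1") and len(s) in (42, 62) and set(s[3:]) <= BECH32_CHARSET:
        return "wallet-address"
    if re.fullmatch(r"[0-9a-f]+", s):
        return "key" if len(s) == KEY_HEX_LEN else "hex-wrong-length"
    return "unknown"


def op_return_payload(script_hex: str) -> str:
    """Extract the data from an output script of the form: OP_RETURN <push-len> <data>."""
    script = bytes.fromhex(script_hex)
    if len(script) < 2 or script[0] != 0x6A:  # 0x6a is OP_RETURN
        raise ValueError("not an OP_RETURN script")
    push_len = script[1]
    if not 1 <= push_len <= 75:  # only direct pushes are handled in this sketch
        raise ValueError("unsupported push opcode")
    data = script[2:]
    if len(data) != push_len:
        raise ValueError("push length does not match data length")
    return data.hex()


def key_matches_chain(candidate: str, script_hex: str) -> bool:
    """True only if the candidate looks like a key and equals the on-chain payload."""
    return (classify(candidate) == "key"
            and candidate.strip().lower() == op_return_payload(script_hex))


if __name__ == "__main__":
    # Constructed script: OP_RETURN + 16-byte push of the key quoted in the thread.
    script = "6a10" + "69b0a606e8b8bdcaad9d5717d35e9e51"
    for value in ("bc1qf3844gkm0sqphhf3qyqf3qg0ky034gckca82tu",
                  "69b0a606e8b8bdcaad9d5717d35e9e5",
                  "69b0a606e8b8bdcaad9d5717d35e9e51"):
        print(value, "->", classify(value), key_matches_chain(value, script))
```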
-
- First post
- Posts: 1
- Joined: Sat Aug 20, 2022 4:36 pm
Re: [RANSOMWARE] Deadbolt
Is there a way to find out my bitcoin address?
I only backed up my encrypted files and formatted my NAS...QQ
-
- Experience counts
- Posts: 1813
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
Unlikely.
You need one of the following:
- The "deadbolt" ransomware page (or a screen capture of it) to get the address
- /mnt/HDA_ROOT/update_pkg/SSDPd.bin which is the original deadbolt attack file that will recreate the html page.
It also depends on how you erased your NAS.
If the quarantine area still exists (no further FW updates) then *maybe* you can recover the files from there. Contact QNAP support to see if there is anything you can do.
Save the backup of the encrypted files in case there is a miracle at some future date. Otherwise, unless you can get the address (and unfortunately pay the ransom) then you are SOL.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- Starting out
- Posts: 11
- Joined: Fri Oct 19, 2018 8:19 pm
Re: [RANSOMWARE] Deadbolt
> OneCD wrote: ↑Sat Aug 20, 2022 12:38 pm
> > atlantis2000 wrote: ↑Sat Aug 20, 2022 12:26 pm
> > NOTE: there is a "1" at the end; is that correct? because initially you wrote: 69b0a606e8b8bdcaad9d5717d35e9e5
> > Which one is correct?
> > Thank you!!
>
> Oops, copypaste error.
> Yes, it ends in a 1.
> So, the correct key is: 69b0a606e8b8bdcaad9d5717d35e9e51

No Problem...thanks for your prompt responses..really appreciate it. Will let you know how I make out.
Thank you
-
- New here
- Posts: 2
- Joined: Tue Aug 23, 2022 2:20 am
Re: [RANSOMWARE] Deadbolt
I am way late to the party here... I found out last night that my NAS has been fully deadbolted, and it was my only backup for some family photos and other important documents.
I have skimmed a portion of posts and am not seeing options other than pay the ransom. Has anyone found another way to decrypt files without paying the ransom?
I am not an IT expert, so please be nice.
- dolbyman
- Guru
- Posts: 35246
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] Deadbolt
That's because there is no other way... if the NAS was a backup, then you still have another version of the files.
If not, then the NAS was NOT a backup and you either pay or will probably lose these files forever
-
- Experience counts
- Posts: 1813
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
Still a good idea to take an actual backup just in case there is an option at some future date to recover them.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- New here
- Posts: 2
- Joined: Tue Aug 23, 2022 2:20 am
Re: [RANSOMWARE] Deadbolt
I will be making a backup going forward. Has anyone here had any contact with QNAP on this issue? I am feeling like they should own up to this to some degree.
Looking back through emails, I noticed QNAP sent me an email on July 8 to strongly suggest I update the firmware. My files were deadlocked 3 days later. I don't think I even noticed the email from QNAP.
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [RANSOMWARE] Deadbolt
QNAP has pretty much absolved themselves of having any sort of responsibility or culpability when it comes to the repeatedly successful malware attacks.
QNAP says they have a PSIRT (Product Security Incident Response Team) which seems to be more of a PR/marketing arm than anything else and they send their security emails, so ya, they now have "security" covered.
The fact that QNAP actively and (arguably) aggressively marketed their products as private cloud that every non-technical non tech-savvy user should be accessible from the Internet seems to be met with QNAP's deaf ears and a muted response.
QNAP *could* be forgiven for their first couple of successful zero-authentication malware attacks that started with qsnatch back in 2014, there is no excuse for these same attack vectors to still be repeatedly exploited successfully eight years later.
I think a class action lawsuit is about the only avenue anyone affected has at getting some sort of restitution from QNAP.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- Experience counts
- Posts: 1813
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] Deadbolt
Never a bad idea to check the advisories every couple weeks
https://www.qnap.com/en/security-advisories
Sign up for critical notifications and create a rule, policy, whatever in your email system to mark it important, or put in an urgent folder etc. I have mine set to text me alerts for critical issues, power outages, failures etc. If I get a text, I know something urgently needs to be looked at.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]