[RANSOMWARE] >>READ 1st Post<< Deadbolt

Sprinkler_BLK
New here
Posts: 9
Joined: Fri Sep 23, 2022 6:54 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Sprinkler_BLK »

dolbyman wrote: Fri Sep 30, 2022 6:39 am when it comes to crypto, there are lots of shady figures around (see any reddit topic revolving around crypto) ... so, as said, new accounts raise suspicion here..

greetings to Poland...the stolen car capital of Europe *wink*
It was like you said --- at 90' :D
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

halibomb wrote: Tue Sep 27, 2022 4:07 pm I was hit and like some other morons I had left my USB backup drive attached to my QNAP NAS. Lost so much...so I had to pay. I managed to get my wallet working and paid the 0.05 BTC on Friday 23. September. I have not received the OP_RETURN code yet and I am pretty annoyed if I do not get it. However, I read from somewhere here that somebody got the OP_RETURN after 4 days.
I can see that the amount went through and it was 0.05 but some people have paid a little bit more. I wonder if I have to pay a small amount covering the fee that they pay after my 0.05 BTC payment???

This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

...
Still no OP_RETURN found for you. Are you sure you transferred the correct amount of BTC? 0.05BTC plus the fee for your transaction? If the hackers got less than 0.05BTC, no OP_RETURN will be delivered.
About the fee, you have to ask your BTC "trader, wallet provider" or whatever it is called.

Regards
RufRuf
New here
Posts: 5
Joined: Wed Sep 07, 2022 9:27 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by RufRuf »

FSC830 wrote: Fri Sep 30, 2022 7:19 pm
halibomb wrote: Tue Sep 27, 2022 4:07 pm I was hit and like some other morons I had left my USB backup drive attached to my QNAP NAS. Lost so much...so I had to pay. I managed to get my wallet working and paid the 0.05 BTC on Friday 23. September. I have not received the OP_RETURN code yet and I am pretty annoyed if I do not get it. However, I read from somewhere here that somebody got the OP_RETURN after 4 days.
I can see that the amount went through and it was 0.05 but some people have paid a little bit more. I wonder if I have to pay a small amount covering the fee that they pay after my 0.05 BTC payment???

This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

...
Still no OP_RETURN found for you. Are you sure you transferred the correct amount of BTC? 0.05BTC plus the fee for your transaction? If the hackers got less than 0.05BTC, no OP_RETURN will be delivered.
About the fee, you have to ask your BTC "trader, wallet provider" or whatever it is called.

Regards
Why are there four transactions (one from as early as 2021) prior to the 23rd Sept transaction? From what I have seen, there are usually two. I have basically zero experience of dealing with bitcoin so it might be normal, but it seems different from other payment addresses that I have had a look at during the past month that I have been following the discussion.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

I am also not very familiar with BTC and crypto currencies (not affected by Deadbolt) :wink: .
Can't answer your question, have seen different numbers of transactions so far (sometimes 2, sometimes 3).
No idea why.
But this is off-topic here. Somewhere there was an extra thread about Bitcoin.
Maybe you can continue here or create a new one?

Regards
Sprinkler_BLK
New here
Posts: 9
Joined: Fri Sep 23, 2022 6:54 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Sprinkler_BLK »

RufRuf wrote: Fri Sep 30, 2022 11:03 pm
FSC830 wrote: Fri Sep 30, 2022 7:19 pm
halibomb wrote: Tue Sep 27, 2022 4:07 pm I was hit and like some other morons I had left my USB backup drive attached to my QNAP NAS. Lost so much...so I had to pay. I managed to get my wallet working and paid the 0.05 BTC on Friday 23. September. I have not received the OP_RETURN code yet and I am pretty annoyed if I do not get it. However, I read from somewhere here that somebody got the OP_RETURN after 4 days.
I can see that the amount went through and it was 0.05 but some people have paid a little bit more. I wonder if I have to pay a small amount covering the fee that they pay after my 0.05 BTC payment???

This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

...
Still no OP_RETURN found for you. Are you sure you transferred the correct amount of BTC? 0.05BTC plus the fee for your transaction? If the hackers got less than 0.05BTC, no OP_RETURN will be delivered.
About the fee, you have to ask your BTC "trader, wallet provider" or whatever it is called.

Regards
Why are there four transactions (one from as early as 2021) prior to the 23rd Sept transaction? From what I have seen, there are usually two. I have basically zero experience of dealing with bitcoin so it might be normal, but it seems different from other payment addresses that I have had a look at during the past month that I have been following the discussion.

In my opinion the payment was made to the wrong bitcoin address or with the wrong amount. From what I read I am not convinced that the victim copied the correct address from his server. Other transactions of this type are usually 2 (mine also: bc1qe4gdhjgj45qckarra7z78glaautg4ggtapwueu). After confirming the payment, the OP_RETURN was generated in the same minute. Which gives the belief that if everything is correct the rest is done automatically.
halibomb
New here
Posts: 3
Joined: Wed Jun 11, 2008 3:07 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by halibomb »

Hi and thanks to all of you who have written your opinions here.

I still do think that I did not have an opportunity to copy the wrong BTC account since I returned the ransom note index page using the notes in the first post.

However, I am angry at myself that I let the QNAP be on when I waited for the QNAP support in two occurrences for a couple of days.
Then when I shut down and a couple of days later had to pull the ransom note account again I did notice that there was a different account number there.
That is why I suspected that I was hit twice. However, I do not know if the deadbolt would encrypt any files again that were already named with "deadbolt".

When I paid the 0.05 BTC from my wallet I paid a little bit more so that my provider had their costs.
I have seen examples here where the deadbolt account received just 0.05 BTC and then amounts that were a little bit more. Both received their OP_RETURN code.

What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
davide1984
New here
Posts: 2
Joined: Thu Sep 29, 2022 12:43 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by davide1984 »

Thanks, Sprinkler_BLK, and to everyone who helped me.
Last edited by OneCD on Mon Oct 03, 2022 3:05 am, edited 1 time in total.
Reason: fixed quoting
Sprinkler_BLK
New here
Posts: 9
Joined: Fri Sep 23, 2022 6:54 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Sprinkler_BLK »

halibomb wrote: Mon Oct 03, 2022 12:20 am Hi and thanks to all of you who have written your opinions here.

I still do think that I did not have an opportunity to copy the wrong BTC account since I returned the ransom note index page using the notes in the first post.

However, I am angry at myself that I let the QNAP be on when I waited for the QNAP support in two occurrences for a couple of days.
Then when I shut down and a couple of days later had to pull the ransom note account again I did notice that there was a different account number there.
That is why I suspected that I was hit twice. However, I do not know if the deadbolt would encrypt any files again that were already named with "deadbolt".

When I paid the 0.05 BTC from my wallet I paid a little bit more so that my provider had their costs.
I have seen examples here where the deadbolt account received just 0.05 BTC and then amounts that were a little bit more. Both received their OP_RETURN code.

What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
My transaction was not "exactly" 0.05 BTC, and still I got the correct OP_RETURN right away. It was 0,0500005, something like this.
RufRuf
New here
Posts: 5
Joined: Wed Sep 07, 2022 9:27 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by RufRuf »

halibomb wrote: Mon Oct 03, 2022 12:20 am Hi and thanks to all of you who have written your opinions here.
...

What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
Were you hit with deadbolt in the September 2022 wave? In that case, have you tried the payment address retrieval tool (link in the 1st post)? Maybe you could test it on a couple of encrypted files to see what payment address it returns.
Regarding the payment address that you mention (bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd), should it not be empty and without transactions prior to the ransom payment? Did you copy-paste the address from the ransom note page?
Last edited by RufRuf on Mon Oct 03, 2022 3:25 pm, edited 1 time in total.
halibomb
New here
Posts: 3
Joined: Wed Jun 11, 2008 3:07 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by halibomb »

RufRuf wrote: Mon Oct 03, 2022 1:42 am
halibomb wrote: Mon Oct 03, 2022 12:20 am Hi and thanks to all of you who have written your opinions here.

I still do think that I did not have an opportunity to copy the wrong BTC account since I returned the ransom note index page using the notes in the first post.

However, I am angry at myself that I let the QNAP be on when I waited for the QNAP support in two occurrences for a couple of days.
Then when I shut down and a couple of days later had to pull the ransom note account again I did notice that there was a different account number there.
That is why I suspected that I was hit twice. However, I do not know if the deadbolt would encrypt any files again that were already named with "deadbolt".

When I paid the 0.05 BTC from my wallet I paid a little bit more so that my provider had their costs.
I have seen examples here where the deadbolt account received just 0.05 BTC and then amounts that were a little bit more. Both received their OP_RETURN code.

What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd

Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
Were you hit with deadbolt in the September 2022 wave? In that case, have you tried the payment address retrieval tool (link in the 1st post)? Maybe you could test it on a couple of encrypted files to see what payment address it returns.
Regarding the payment address that you mention (bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd), should it not be empty and without transactions prior to the ransom payment? Did you copy-paste the address from the ransom note page?
Thanks. If the tool is 100% working then you got this solved for me. I am the fool here. I paid to the wrong account. It was an expensive error that I must have made.
Thank you to all you guys for helping. Now I will make the decision if I will forget about this or if I will pay it once more :oops:
dosborne
Experience counts
Posts: 1791
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dosborne »

You guys do realize you can remove some of the quoted non-relevant material when replying, right?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
Gabriel83
New here
Posts: 5
Joined: Fri Sep 09, 2022 1:31 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Gabriel83 »

Hello to everybody.
Please can someone tell me how much are the commission costs for the bitcoin transfer?
dosborne
Experience counts
Posts: 1791
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dosborne »

Gabriel83 wrote: Thu Oct 06, 2022 9:27 am Please can someone tell me how much are the commission costs for the bitcoin transfer?
The fee or commission is different for every BTC brokerage or bank that you use. You need to contact the support for whichever one you are using. They usually, at least one that I looked at, publish the fee amounts in the FAQ or other notice area on their website.
RufRuf
New here
Posts: 5
Joined: Wed Sep 07, 2022 9:27 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by RufRuf »

I thought I would share my experiences with being hit by deadbolt now that I managed to resolve the situation. Unfortunately, it meant that I had to pay 0.05 BTC to the criminals to get some quite important files back.

I have a QNAP TSL-269L, which was about 80% full (4TB) when deadbolt started doing its thing on September 3rd. I was away for the weekend so by the time I realized something was wrong, all files had already been encrypted (looking at the time stamps, it took about 14 hours for deadbolt to finish encrypting my files). To make things worse, I updated the firmware with the Android app on September 4th so I never saw the deadbolt page with the payment information. QNAP helpdesk could not restore the deadbolt page so for a while it seemed that all hope was lost with retrieving my files. What saved me was the fact that the payment information is stored in every encrypted file in the September wave of deadbolt and that there is a tool for retrieving this information (link in the 1st post of this thread). There has been some discussion about whether this tool works. Some concern has, for example, been raised because the tool also generates valid bitcoin addresses for unencrypted files (the bitcoin amount is, however, off). I can’t speak for others, but at least for me the tool worked. I tested it with about ten files that were encrypted during different times of the process, and they all gave the same payment information. Once I transferred 0.05 BTC (I transferred the exact amount) to the address, I received the decryption code in less than a minute. The whole payment procedure (from purchasing bitcoins to receiving the decryption code) took less than 15 minutes.

As I had updated the firmware of the NAS, I had no access to deadbolt's decryption tool. Therefore, I decided to use the Emsisoft decryption tool. It worked perfectly and it was reasonably fast on my laptop (I transferred the encrypted files to the hard drive of my Windows laptop). I have read that some have had problems with the Emsisoft tool in that it does not properly decrypt all types of files (for example videos). I did not encounter such problems (pictures, videos, PDF files, Excel files, etc. work just fine).

I also had professionals look at my NAS before I paid the ransom. They could salvage some files that had been deleted post encryption but, in my case, it was of little help. Maybe they could have salvaged more files if the NAS had been less full.

I hope this information helps someone. I would like to end by saying that I am extremely grateful to everybody who has contributed to this thread. This forum has been crucial in bringing back my files.
Dogeknight01
New here
Posts: 2
Joined: Fri Oct 07, 2022 4:50 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Dogeknight01 »

Hi all,
I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back on July 13, 2022 but never got the decryption key.
I've been checking for a transaction once a week, just assuming that they're taking their time but now I'm worried that they aren't going to send me the key.
Is there anything that I can do? I checked the address again today and it's definitely correct, and the amount I sent was definitely 0.05BTC.
I've attached some screenshots of the transaction and address.
Thanks