My transaction was not "exactly" 0.05 BTC, and still I got the correct OP_RETURN right away. It was 0,0500005 something like this

halibomb wrote: ↑Mon Oct 03, 2022 12:20 am
> Hi and thanks for all of you who have written your opinions here.
> I do think still that I did not have an opportunity to copy the wrong BTC account since I returned the ransomnote index page using the notes in the first post.
> However, I am angry at myself that I let the QNAP be on when I waited for the QNAP support in two occurrences for a couple of days.
> Then when I shut down and a couple of days later had to pull the ransomnote account again I did notice that there was a different account number there.
> That is why I suspected that I was hit twice. However, I do not know if the deadbolt would encrypt any files again that were already named with "deadbolt".
> When I paid the 0.05 BTC from my wallet I paid a little bit more so that my provider had their costs.
> I have seen examples here where the deadbolt account received just 0.05 BTC and then amounts that were a little bit more. Both received their OP_RETURN code.
> What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
> This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd
> Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- New here
- Posts: 9
- Joined: Fri Sep 23, 2022 6:54 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- New here
- Posts: 5
- Joined: Wed Sep 07, 2022 9:27 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Were you hit with deadbolt in the September 2022 wave? In that case, have you tried the payment address retrieval tool (link in the 1st post)? Maybe you could test it on a couple of encrypted files to see what payment address it returns.

halibomb wrote: ↑Mon Oct 03, 2022 12:20 am
> Hi and thanks for all of you who have written your opinions here.
> ...
> What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
> This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd
> Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?

Regarding the payment address that you mention (bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd), should it not be empty and without transactions prior to the ransom payment? Did you copy-paste the address from the ransom note page?
Last edited by RufRuf on Mon Oct 03, 2022 3:25 pm, edited 1 time in total.
-
- New here
- Posts: 3
- Joined: Wed Jun 11, 2008 3:07 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Thanks. If the tool is 100% working then you got this solved for me. I am the fool here. I paid to the wrong account. It was an expensive error that I must have made.

RufRuf wrote: ↑Mon Oct 03, 2022 1:42 am
> Were you hit with deadbolt in the September 2022 wave? In that case, have you tried the payment address retrieval tool (link in the 1st post)? Maybe you could test it on a couple of encrypted files to see what payment address it returns.
>
> halibomb wrote: ↑Mon Oct 03, 2022 12:20 am
> > Hi and thanks for all of you who have written your opinions here.
> > I do think still that I did not have an opportunity to copy the wrong BTC account since I returned the ransomnote index page using the notes in the first post.
> > However, I am angry at myself that I let the QNAP be on when I waited for the QNAP support in two occurrences for a couple of days.
> > Then when I shut down and a couple of days later had to pull the ransomnote account again I did notice that there was a different account number there.
> > That is why I suspected that I was hit twice. However, I do not know if the deadbolt would encrypt any files again that were already named with "deadbolt".
> > When I paid the 0.05 BTC from my wallet I paid a little bit more so that my provider had their costs.
> > I have seen examples here where the deadbolt account received just 0.05 BTC and then amounts that were a little bit more. Both received their OP_RETURN code.
> > What is your opinion what is the amount of cost that they needed to pay after I paid 0.05 BTC?
> > This is where I paid: bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd
> > Some say that you need to pay exactly 0.05 BTC (like the RANSOMNOTE itself) but then some have paid a little bit more? I will try to pay a little bit more to check this - What are your thoughts?
>
> Regarding the payment address that you mention (bc1q4dfdt90pqh64ds2kxnkw5zsuxmm3mwvuwt82vd), should it not be empty and without transactions prior to the ransom payment? Did you copy-paste the address from the ransom note page?

Thank you to all you guys for helping. Now I will make the decision if I will forget about this or if I will pay it once more.
-
- Experience counts
- Posts: 1822
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
You guys do realize you can remove some of the quoted non-relevant material when replying, right?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- New here
- Posts: 5
- Joined: Fri Sep 09, 2022 1:31 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello to everybody.
Please can someone tell me how much are the commission costs for the bitcoin transfer?
-
- Experience counts
- Posts: 1822
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
The fee or commission is different for every BTC brokerage or bank that you use. You need to contact the support for whichever one you are using. They usually, at least one that I looked at, publish the fee amounts in the FAQ or other notice area on their website.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- New here
- Posts: 5
- Joined: Wed Sep 07, 2022 9:27 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
I thought I would share my experiences with being hit by deadbolt now that I managed to resolve the situation. Unfortunately, it meant that I had to pay 0.05 BTC to the criminals to get some quite important files back.
I have a QNAP TSL-269L, which was about 80% full (4TB) when deadbolt started doing its thing on September 3rd. I was away for the weekend so by the time I realized something was wrong, all files had already been encrypted (looking at the time stamps, it took about 14 hours for deadbolt to finish encrypting my files). To make things worse, I updated the firmware with the Android app on September 4th so I never saw the deadbolt page with the payment information. QNAP helpdesk could not restore the deadbolt page so for a while it seemed that all hope was lost with retrieving my files. What saved me was the fact that the payment information is stored in every encrypted file in the September wave of deadbolt and that there is a tool for retrieving this information (link in the 1st post of this thread). There has been some discussion about whether this tool works. Some concern has, for example, been raised because the tool also generates valid bitcoin addresses for unencrypted files (the bitcoin amount is, however, off). I can’t speak for others, but at least for me the tool worked. I tested it with about ten files that were encrypted during different times of the process, and they all gave the same payment information. Once I transferred 0.05 BTC (I transferred the exact amount) to the address, I received the decryption code in less than a minute. The whole payment procedure (from purchasing bitcoins to receiving the decryption code) took less than 15 minutes.
As I had updated the firmware of the NAS, I had no access to deadbolt's decryption tool. Therefore, I decided to use the Emsisoft decryption tool. It worked perfectly and it was reasonably fast on my laptop (I transferred the encrypted files to the hard drive of my Windows laptop). I have read that some have had problems with the Emsisoft tool in that it does not properly decrypt all types of files (for example videos). I did not encounter such problems (pictures, videos, PDF files, Excel files, etc. work just fine).
I also had professionals look at my NAS before I paid the ransom. They could salvage some files that had been deleted post encryption but, in my case, it was of little help. Maybe they could have salvaged more files if the NAS would have been less full.
I hope this information helps someone. I would like to end by saying that I am extremely grateful to everybody who has contributed to this thread. This forum has been crucial in bringing back my files.
-
- New here
- Posts: 2
- Joined: Fri Oct 07, 2022 4:50 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hi all,
I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back on July 13, 2022 but never got the decryption key.
I've been checking for a transaction once a week, just assuming that they're taking their time but now I'm worried that they aren't going to send me the key.
Is there anything that I can do? I checked the address again today and it's definitely correct, and the amount I sent was definitely 0.05BTC.
I've attached some screenshots of the transaction and address.
Thanks
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
No idea where you have been looking!

Dogeknight01 wrote: ↑Fri Oct 07, 2022 5:13 pm
> Hi all,
> I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back on July 13, 2022 but never got the decryption key.
> ...

Your OP_RETURN is b008627ffca4d0325c65b5397f1ce7ba
Regards
Edit: next time, when you are hit by Deadbolt, please post the BTC address in text form so it can be copied.
I will never again type such an address from a screenshot!
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 5
- Joined: Wed Sep 07, 2022 9:27 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
That should be your decryption code -> b008627ffca4d0325c65b5397f1ce7ba

Dogeknight01 wrote: ↑Fri Oct 07, 2022 5:13 pm
> Hi all,
> I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back on July 13, 2022 but never got the decryption key.
> I've been checking for a transaction once a week, just assuming that they're taking their time but now I'm worried that they aren't going to send me the key.
> Is there anything that I can do? I checked the address again today and it's definitely correct, and the amount I sent was definitely 0.05BTC.
> I've attached some screenshots of the transaction and address.
> Thanks

https://www.blockchain.com/btc/address/ ... t0xpu04ka7
If you click on Hash for the 0.00005460 BTC transaction and scroll all the way down you will see OP_RETURN with the decryption key.
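
Added example, not part of the original posts or of any tool linked in the thread: the OP_RETURN value a block explorer shows is the data pushed by an output script that starts with opcode 0x6a, and this Python code extracts it from raw output scripts. The sample outputs are constructed around the code quoted above, and the 16-byte length filter is an assumption drawn from that 32-hex-character value.

```python
from typing import Iterable, List, Optional, Tuple

OP_RETURN = 0x6A
# Explicit-length push opcodes and the width of their little-endian length field
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}


def op_return_payload(script_hex: str) -> Optional[bytes]:
    """Return the first data push of an OP_RETURN script, or None if the
    script is not OP_RETURN or is malformed or truncated."""
    try:
        script = bytes.fromhex(script_hex.strip())
    except ValueError:
        return None
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    op, pos = script[1], 2
    if 0x01 <= op <= 0x4B:
        length = op                      # direct push: opcode is the length
    elif op in PUSHDATA_WIDTH:
        width = PUSHDATA_WIDTH[op]
        if pos + width > len(script):
            return None
        length = int.from_bytes(script[pos:pos + width], "little")
        pos += width
    else:
        return None
    data = script[pos:pos + length]
    return data if len(data) == length else None


def find_key_candidates(outputs: Iterable[Tuple[int, str]],
                        key_len: int = 16) -> List[str]:
    """outputs: (value_in_satoshi, script_hex) pairs of one transaction.
    key_len=16 is an assumption based on the code quoted in the thread."""
    found = []
    for _value, script_hex in outputs:
        data = op_return_payload(script_hex)
        if data is not None and len(data) == key_len:
            found.append(data.hex())
    return found


# Constructed sample: one ordinary witness output plus one OP_RETURN output
SAMPLE_OUTPUTS = [
    (5460, "0014" + "11" * 20),
    (0, "6a10" + "b008627ffca4d0325c65b5397f1ce7ba"),
]

if __name__ == "__main__":
    print(find_key_candidates(SAMPLE_OUTPUTS))
```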
-
- New here
- Posts: 5
- Joined: Thu Jun 13, 2013 4:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello everyone,
I am supporting someone who is going to pay the ransomware, but their Coinbase account asks for a recipient address... What do we fill in? Or do we have to say “sending to myself”?
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Recipient address would be the ransom bitcoin address
-
- New here
- Posts: 5
- Joined: Thu Jun 13, 2013 4:11 am
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
I have sent bitcoin several times (to coinbase emails or blockchain addresses), never had to give any physical address... but your account (in whatever global jurisdiction you are) could be restricted, check with coinbase support
-
- New here
- Posts: 5
- Joined: Thu Jun 13, 2013 4:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Our customer states the same. What's the risk of saying "Payment to myself"??
Coinbase support is down, but found the reason:
It's because our country wants to know
https://help.coinbase.com/en/coinbase/t ... -crypto-nl
Is there anyone in The Netherlands that came across this?
Last edited by sp.boot on Sat Oct 08, 2022 2:02 am, edited 1 time in total.