[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- Experience counts
- Posts: 1812
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Many countries and / or BTC exchanges are clamping down on transfers as anti-money laundering rules and anti-ransomware measures come into effect.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
- dolbyman
- Guru
- Posts: 35246
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
-
- New here
- Posts: 5
- Joined: Thu Jun 13, 2013 4:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
To be clear, does that mean money gets back to the original address?
Thank you for all your advice and time.
- dolbyman
- Guru
- Posts: 35246
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
That's up to Coinbase enforcing local Netherlands laws. If they have a legal requirement to check all outgoing payments and one marked to 'yourself' turns out to be not to 'yourself' they might seize it and hand the case over to local authorities .. I do not know.
I personally in that case would transfer the money to a hardware wallet (owned and controlled by me) and then do a plain transaction to the blockchain from there
-
- New here
- Posts: 5
- Joined: Thu Jun 13, 2013 4:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
> dolbyman wrote: ↑Sat Oct 08, 2022 2:21 am
> That's up to Coinbase enforcing local Netherlands laws. If they have a legal requirement to check all outgoing payments and one marked to 'yourself' turns out to be not to 'yourself' they might seize it and hand the case over to local authorities .. I do not know.
> I personally in that case would transfer the money to a hardware wallet (owned and controlled by me) and then do a plain transaction to the blockchain from there
Thanx. I understand.
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Or, you could post their key as a screenshot too:
-
- First post
- Posts: 1
- Joined: Sun Oct 09, 2022 3:28 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello All,
Just realized that my Qnap is also locked with DeadBolt....
Sept 4th is when my files were renamed....mostly media...however I did store all of my photo albums on the server.....I do want these back! I can sacrifice whatever else I had there but not the photos....
These guys are making out with a nice chunk of change here....$1K a pop...jeez
What is my chance of actually getting them decrypted?
I did install a firmware update after the attack...I lost the ransom page in effect.
I found the payment address via the Deadbolt Payment information tool as the other method from post #1 did not work...
Any thoughts?
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
No other way than to pay!
Some have reported that qrescue has saved some files, but this is a very poor chance.
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 30
- Joined: Fri Jan 06, 2017 11:11 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
> grozadeals wrote: ↑Sun Oct 09, 2022 4:59 am
> Hello All,
> Just realized that my Qnap is also locked with DeadBolt....
> Sept 4th is when my files were renamed....mostly media...however I did store all of my photo albums on the server.....I do want these back! I can sacrifice whatever else I had there but not the photos....
> These guys are making out with a nice chunk of change here....$1K a pop...jeez
> What is my chance of actually getting them decrypted?
> I did install a firmware update after the attack...I lost the ransom page in effect.
> I found the payment address via the Deadbolt Payment information tool as the other method from post #1 did not work...
> Any thoughts?
Open a ticket with qnap, they were able to remotely take me to the deadbolt ransom page where I got the address from.
After paying ransom I got the decryption key and qnap deadbolt homepage said correct decryption key detected.
Then it said decrypting files and took me to my regular qnap homepage.
But all files are still encrypted so I've reached back to qnap.
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Did you try the Emsisoft Decryptor as well?
If you have only been hit by Deadbolt (and not in addition by any other malware), then decryption worked, as all affected users have reported until now.
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 5
- Joined: Sun Sep 25, 2022 3:30 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello, I paid the ransom and did not get a valid decryption key, what should I do next?
The transaction ID: da89a57e12352aa201d10c00e8be766e7662e0c31d9c38d86e4e15ee4c48d70b
ANY help is appreciated
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Your decryption key is: 6b4ccba37ab44ce41a95a987a97b6eab
-
- New here
- Posts: 5
- Joined: Sun Sep 25, 2022 3:30 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hi, Thank you that is the correct key. Where was it located? I could not find the OP_RETURN anywhere...
-
- Experience counts
- Posts: 1812
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
viewtopic.php?p=818604#p818604
> OneCD wrote: ↑Tue May 17, 2022 3:34 pm
> Use https://www.blockchain.com for this.
> - When you've loaded that site, use the search bar (near the top-right of the web-page) and copy-paste your specific ransomware bitcoin address into the search field, then push <enter>.
>   That will take you to this page: https://www.blockchain.com/btc/address/ ... q27rm8857c
> - Scroll down to the "Transactions" section.
> - There are presently 2 transactions with this hash. We're interested in the transaction for +0.00005460 BTC, as this is the amount the hackers pay to the same bitcoin address to provide your decryption key. So, click on the "Hash" value for that transaction: https://www.blockchain.com/btc/tx/cf42a ... d6af367b18
> - Now, we're on a new page with the transaction details. Scroll down to the "Outputs" section - it's the last one on the page.
> - Then find index 2 (OP_RETURN). The attached hexadecimal number is the decryption key.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
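The lookup steps quoted in the post above can also be done on a transaction's raw output scripts. This is an added example, not code from the thread or from QNAP; the field names ("address", "value", "script"), the sample address and the sample key are constructed assumptions, and the 32-hex-character length check is based only on the keys quoted in this thread.

```python
# Added example (not from the thread): pull the OP_RETURN payload out of a
# transaction's output scripts. Field names and sample data are assumptions.
OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
KEY_DELIVERY_SATS = 5460  # 0.00005460 BTC, the amount named in the quoted steps
KEY_HEX_LEN = 32          # assumption: keys quoted in this thread are 32 hex chars


def op_return_payload(script_hex):
    """Return the data pushed after OP_RETURN as hex, or None for other scripts."""
    try:
        script = bytes.fromhex(script_hex)
    except (ValueError, TypeError):
        return None
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    opcode = script[1]
    if 1 <= opcode <= 75:                      # direct push of `opcode` bytes
        start, length = 2, opcode
    elif opcode == OP_PUSHDATA1 and len(script) >= 3:
        start, length = 3, script[2]           # one-byte length follows
    else:
        return None
    data = script[start:start + length]
    return data.hex() if len(data) == length else None  # reject truncated pushes


def find_key(tx, ransom_address):
    """Return the key from the 5460-satoshi transaction paid to ransom_address."""
    outputs = tx.get("outputs", [])
    paid_back = any(o.get("address") == ransom_address
                    and o.get("value") == KEY_DELIVERY_SATS for o in outputs)
    if not paid_back:
        return None                            # e.g. the victim's own payment
    for out in outputs:
        payload = op_return_payload(out.get("script", ""))
        if payload and len(payload) == KEY_HEX_LEN:
            return payload
    return None


# Constructed sample data, not a real address, script or key.
SAMPLE_ADDRESS = "bc1q-constructed-example-address"
SAMPLE_KEY = "00112233445566778899aabbccddeeff"
SAMPLE_TX = {"outputs": [
    {"address": SAMPLE_ADDRESS, "value": 5460, "script": "0014" + "ab" * 20},
    {"address": "bc1q-constructed-change", "value": 120000, "script": "0014" + "cd" * 20},
    {"address": None, "value": 0, "script": "6a10" + SAMPLE_KEY},
]}

if __name__ == "__main__":
    print(find_key(SAMPLE_TX, SAMPLE_ADDRESS))
```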
-
- New here
- Posts: 2
- Joined: Fri Oct 07, 2022 4:50 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
> FSC830 wrote: ↑Fri Oct 07, 2022 5:31 pm
> > Dogeknight01 wrote: ↑Fri Oct 07, 2022 5:13 pm
> > Hi all,
> > I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back in July 13, 2022 but never got the decryption key.
> > ...
> No idea, where you have been looking!
> Your OP_RETURN is b008627ffca4d0325c65b5397f1ce7ba
> Regards
> Edit: next time, when you are hit by Deadbolt please post the BTC address in a text form so it can be copied.
> I will never again type such an address from a screenshot!
The decryption key worked! Thank you for your help.
I doubt that I'll be hit by Deadbolt again without having a working backup in place, I don't think there's many people out there who fall for the same mistake twice.
But if I do then I'll definitely post the BTC address.