[RANSOMWARE] >>READ 1st Post<< Deadbolt

dosborne
Experience counts
Posts: 1812
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dosborne »

Many countries and/or BTC exchanges are clamping down on transfers as anti-money laundering rules and anti-ransomware measures come into effect.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
dolbyman
Guru
Posts: 35246
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

sp.boot wrote: Sat Oct 08, 2022 1:47 am Our customer states the same. What's the risk of saying "Payment to myself"??
Worst case the transaction could be frozen and assets seized ...
sp.boot
New here
Posts: 5
Joined: Thu Jun 13, 2013 4:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by sp.boot »

dolbyman wrote: Sat Oct 08, 2022 2:04 am
sp.boot wrote: Sat Oct 08, 2022 1:47 am Our customer states the same. What's the risk of saying "Payment to myself"??
Worst case the transaction could be frozen and assets seized ...
To be clear, does that mean money gets back to the original address?
Thank you for all your advice and time.
dolbyman
Guru
Posts: 35246
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

That's up to Coinbase enforcing local Netherlands laws. If they have a legal requirement to check all outgoing payments and one marked to 'yourself' turns out to be not to 'yourself', they might seize it and hand the case over to local authorities .. I do not know.

I personally in that case would transfer the money to a hardware wallet (owned and controlled by me) and then do a plain transaction to the blockchain from there.
sp.boot
New here
Posts: 5
Joined: Thu Jun 13, 2013 4:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by sp.boot »

dolbyman wrote: Sat Oct 08, 2022 2:21 am That's up to Coinbase enforcing local Netherlands laws. If they have a legal requirement to check all outgoing payments and one marked to 'yourself' turns out to be not to 'yourself', they might seize it and hand the case over to local authorities .. I do not know.

I personally in that case would transfer the money to a hardware wallet (owned and controlled by me) and then do a plain transaction to the blockchain from there.
Thanks. I understand.
OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by OneCD »

FSC830 wrote: Fri Oct 07, 2022 5:31 pm Edit: next time, when you are hit by Deadbolt ( :wink: ) please post the BTC address in text form so it can be copied.
I will never again type such an address from a screenshot!
Or, you could post their key as a screenshot too: :P

Image

grozadeals
First post
Posts: 1
Joined: Sun Oct 09, 2022 3:28 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by grozadeals »

Hello All,

Just realized that my Qnap is also locked with DeadBolt....
Sept 4th is when my files were renamed....mostly media...however I did store all of my photo albums on the server.....I do want these back! I can sacrifice whatever else I had there but not the photos....
These guys are making out with a nice chunk of change here....$1K a pop...jeez
What is my chance of actually getting them decrypted?

I did install a firmware update after the attack...I lost the ransom page in effect.

I found the payment address via the Deadbolt Payment information tool as the other method from post #1 did not work...

Any thoughts?
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

No other way than to pay!
Some have reported that qrescue has saved some files, but this is a very poor chance.

Regards
Geronemo3
Starting out
Posts: 30
Joined: Fri Jan 06, 2017 11:11 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Geronemo3 »

grozadeals wrote: Sun Oct 09, 2022 4:59 am Hello All,

Just realized that my Qnap is also locked with DeadBolt....
Sept 4th is when my files were renamed....mostly media...however I did store all of my photo albums on the server.....I do want these back! I can sacrifice whatever else I had there but not the photos....
These guys are making out with a nice chunk of change here....$1K a pop...jeez
What is my chance of actually getting them decrypted?

I did install a firmware update after the attack...I lost the ransom page in effect.

I found the payment address via the Deadbolt Payment information tool as the other method from post #1 did not work...

Any thoughts?
Open a ticket with QNAP; they were able to remotely take me to the Deadbolt ransom page where I got the address from.
After paying the ransom I got the decryption key and the QNAP Deadbolt homepage said correct decryption key detected.
Then it said decrypting files and took me to my regular QNAP homepage.
But all files are still encrypted so I've reached back to QNAP.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

Did you try the Emsisoft Decryptor as well?
If you have only been hit by Deadbolt (and not in addition by any other malware), then decryption worked, as all affected users have reported until now.

Regards
moranbp
New here
Posts: 5
Joined: Sun Sep 25, 2022 3:30 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by moranbp »

Hello, I paid the ransom and did not get a valid decryption key. What should I do next?
The transaction ID: da89a57e12352aa201d10c00e8be766e7662e0c31d9c38d86e4e15ee4c48d70b
ANY help is appreciated
OneCD
Guru
Posts: 12144
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by OneCD »

moranbp wrote: Mon Oct 10, 2022 3:30 pm The transaction ID: da89a57e12352aa201d10c00e8be766e7662e0c31d9c38d86e4e15ee4c48d70b
Your decryption key is: 6b4ccba37ab44ce41a95a987a97b6eab

moranbp
New here
Posts: 5
Joined: Sun Sep 25, 2022 3:30 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by moranbp »

Hi, Thank you that is the correct key. Where was it located? I could not find the OP_RETURN anywhere...
dosborne
Experience counts
Posts: 1812
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dosborne »

moranbp wrote: Mon Oct 10, 2022 3:54 pm Hi, Thank you that is the correct key. Where was it located? I could not find the OP_RETURN anywhere...
viewtopic.php?p=818604#p818604
OneCD wrote: Tue May 17, 2022 3:34 pm Use https://www.blockchain.com for this.
  • When you've loaded that site, use the search bar (near the top-right of the web-page) and copy-paste your specific ransomware bitcoin address into the search field, then push <enter>.

    That will take you to this page: https://www.blockchain.com/btc/address/ ... q27rm8857c
  • Scroll down to the "Transactions" section.
  • There are presently 2 transactions with this hash. We're interested in the transaction for +0.00005460 BTC, as this is the amount the hackers pay to the same bitcoin address to provide your decryption key. So, click on the "Hash" value for that transaction: https://www.blockchain.com/btc/tx/cf42a ... d6af367b18
  • Now, we're on a new page with the transaction details. Scroll down to the "Outputs" section - it's the last one on the page.
  • Then find index 2 (OP_RETURN). The attached hexadecimal number is the decryption key.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
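
The lookup in the quoted steps (find the output marked OP_RETURN and read the attached hexadecimal value) can also be done offline on a transaction's raw hex. The Python below is an added example, not code from any poster or from QNAP; the function names are hypothetical, the sample transaction and its 16-byte payload are constructed, and it assumes you have already obtained the raw transaction hex from a block explorer or node.

```python
OP_RETURN = 0x6A

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def parse_outputs(raw_hex):
    """Return [(value_in_satoshi, script_bytes), ...] from a raw transaction."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                    # skip 4-byte version
    if buf[pos:pos + 2] == b"\x00\x01":        # segwit marker and flag
        pos += 2
    n_in, pos = read_varint(buf, pos)
    for _ in range(n_in):
        script_len, pos = read_varint(buf, pos + 36)   # skip prev txid + index
        pos += script_len + 4                          # skip scriptSig + sequence
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        script_len, pos = read_varint(buf, pos + 8)
        outputs.append((value, buf[pos:pos + script_len]))
        pos += script_len
    return outputs

def op_return_payloads(raw_hex):
    """Return {output_index: payload_hex} for OP_RETURN outputs with one direct push."""
    found = {}
    for index, (_, script) in enumerate(parse_outputs(raw_hex)):
        if len(script) >= 2 and script[0] == OP_RETURN and 1 <= script[1] <= 75:
            found[index] = script[2:2 + script[1]].hex()
    return found

# Constructed sample, not a real transaction: one input, three outputs.
KEY = "00112233445566778899aabbccddeeff"       # constructed 16-byte payload
P2PKH = "1976a914" + "11" * 20 + "88ac"        # length byte 0x19 + 25-byte script
SAMPLE_TX = "".join([
    "01000000", "01",                          # version, input count
    "aa" * 32, "00000000", "00", "ffffffff", "03",  # one input, then output count
    "5415000000000000", P2PKH,                 # index 0: 5460 satoshi (0.00005460 BTC)
    "1027000000000000", P2PKH,                 # index 1: 10000 satoshi
    "0000000000000000", "12", "6a10", KEY,     # index 2: OP_RETURN, 16-byte push
    "00000000",                                # locktime
])
print(op_return_payloads(SAMPLE_TX))
```
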
Dogeknight01
New here
Posts: 2
Joined: Fri Oct 07, 2022 4:50 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Dogeknight01 »

FSC830 wrote: Fri Oct 07, 2022 5:31 pm
Dogeknight01 wrote: Fri Oct 07, 2022 5:13 pm Hi all,
I paid the 0.05BTC as requested to recover my QNAP, triple checked the address and paid extra to cover the transaction fee back in July 13, 2022 but never got the decryption key.
...
No idea, where you have been looking!
Your OP_RETURN is b008627ffca4d0325c65b5397f1ce7ba

Regards

Edit: next time, when you are hit by Deadbolt ( :wink: ) please post the BTC address in text form so it can be copied.
I will never again type such an address from a screenshot!
The decryption key worked! Thank you for your help.
I doubt that I'll be hit by Deadbolt again without having a working backup in place; I don't think there are many people out there who fall for the same mistake twice.
But if I do then I'll definitely post the BTC address.