[RANSOMWARE] >>READ 1st Post<< Deadbolt

ffxf1
New here
Posts: 3
Joined: Sun Dec 04, 2022 10:12 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by ffxf1 »

dolbyman wrote: Sun Dec 04, 2022 11:09 pm
ffxf1 wrote: Sun Dec 04, 2022 10:16 pm No response to payment to address https://www.blockchain.com/btc/address/ ... v97azx758s for more than 72 hours (unless I am blind). Are the criminals taking longer and longer or have they stopped returning encryption keys?

Thanks in advance to everyone taking a look!
Your key was posted on the 1st of December

key:
a8b10ae4d4031df7b303c1ab0d2e9d54
Thanks! And sorry for not seeing it.
virtualdimension
New here
Posts: 5
Joined: Mon Dec 05, 2022 7:29 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by virtualdimension »

@OneCD I can no longer access the NAS and I have no way to make the payment. The only thing I can do is connect a disk from my NAS, with all the encrypted files on it, and send you one of these files so that you can trace the key, send me the link to make the payment and then send me the decryption procedure.
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

Read the first post (see title of this topic)..a tool to access your payment info from a file only has been in there for a while (if NAS was hacked in September or later)
virtualdimension
New here
Posts: 5
Joined: Mon Dec 05, 2022 7:29 am

Re: [RANSOMWARE] Deadbolt

Post by virtualdimension »

dolbyman wrote: Fri Sep 09, 2022 4:42 am As posted in the German forum .. even an unencrypted file gets a bitcoin address (tested in a sandbox)

deadbolt_paymen.jpg
Immagine 2022-12-05 012846.png
Last edited by virtualdimension on Mon Dec 05, 2022 8:30 am, edited 2 times in total.
virtualdimension
New here
Posts: 5
Joined: Mon Dec 05, 2022 7:29 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by virtualdimension »

dolbyman wrote: Mon Dec 05, 2022 8:12 am Read the first post (see title of this topic)..a tool to access your payment info from a file only has been in there for a while (if NAS was hacked in September or later)
Immagine 2022-12-05 012445.png
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

use the tool to get the payment address..then pay the criminals and wait for the key
virtualdimension
New here
Posts: 5
Joined: Mon Dec 05, 2022 7:29 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by virtualdimension »

dolbyman wrote: Mon Dec 05, 2022 8:30 am use the tool to get the payment address..then pay the criminals and wait for the key
Which tool?
I can't access my NAS anymore (ethernet port doesn't work). I can only attach one of my NAS disks externally and look at the encrypted files. And now? What can I do to launch the tool and make the payment?
If I use the HTML code posted by you, it tells me that my version of Deadbolt is old and I can't use this method.
Immagine 2022-12-05 012846.png
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

Then you were hacked before September 2022 and the payment info is not embedded in the files..so nobody here can get that payment info for you

You might have to find a local specialist that can help you..they probably will cost more than the ransom (the ransom will still need to be paid though)
dosborne
Experience counts
Posts: 1814
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dosborne »

virtualdimension wrote: Mon Dec 05, 2022 8:38 am Which tool?
I can't access my NAS anymore (ethernet port doesn't work). I can only attach one of my NAS disks externally and look at the encrypted files. And now?
Follow the link in the signature under my post (or in the first post in this thread). It gives you a number of ways to potentially retrieve the ransom address.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
DSmelov
First post
Posts: 1
Joined: Wed Dec 07, 2022 3:30 am

Re: [RANSOMWARE] Deadbolt

Post by DSmelov »

Dear Team,

Does anyone have experience of SUCCESSFULLY getting the decryption code after payment to the address retrieved by the HTML tool?

My story is quite typical:
- September, 3rd - infection
- then NAS turned on for several months because of lack of understanding what to do further
- last week I finally decided to turn the NAS back, take the address and pay
- but the ransom page disappeared due to MR activity
- manual ssh connection procedure did not help
- as well as QNAP support - they reported that they had connected but could not retrieve the ransom page (it was even stranger - first they replied with some ransom page attached - I just thought "ok, perfect, thanks", but after two minutes they sent another email with the words: "Sorry there has been mistake in previous message. After checking again, we are unable to restore the correct ransom page." - I said "$#*@%!!!")
- Finally the HTML tool extracted bc1qcu0suveddm8mw67muhvd58tcnmdj2qhvyj29gm from the .deadbolt files (I tried several)
- Police website reported that the key for my case is not found

Before spending quite a sensitive amount of money, I'd like to be as confident as possible that I'll reach the goal.

Thanks in advance for any useful suggestions.

Regards!
Fenaldar wrote: Fri Sep 09, 2022 4:11 am Use this if you don't have the info page for paying:

Copy Code into html file and open.


<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>DEADBOLT Payment Information Tool</title><style>body{background:#222;color:#fff;font-family:"PT Mono",courier}input[type=file]{display:none}.fu{border:1px solid #ccc;display:inline-block;padding:6px 12px;cursor:pointer;color:#ccc}.fu:hover{border:1px solid red;color:#fff}.db{color:#30db97}center>p{width:600px;text-align:left}#main{position:absolute;top:50%;left:50%;transform:translateX(-50%) translateY(-50%);width:50em;background:#444;padding:15px;border:2px solid #139a43;border-radius:4px}</style></head><body><div id="main"><h1 style="text-align: center"><span class="db">DEADBOLT</span> Payment Information Tool</h1><p>Select encrypted (<b>.deadbolt</b> extension) file to retrieve the payment info in case you lost access to the <span class="db">DEADBOLT</span> portal page.</p><p>Please note: this only works for files encrypted by the <b>latest version</b> of <span class="db">DEADBOLT</span>. 
This tool will tell you if your file is compatible.</p><center><label class="fu"><input type="file" id="filebox" onchange="pf(event);"> 📄 select encrypted file</label></center><p id="fi"></p><p id="pi"></p></div><script>function $(e){return document.getElementById(e)}function bp(e){let n=[996825010,642813549,513874426,1027748829,705979059],i=1;return e.forEach(e=>{let t=i>>25;i=(33554431&i)<<5^e,[0,1,2,3,4].forEach(e=>{t>>e&1&&(i^=n[e])})}),i}function bc(e){let t=[],n=1^bp([3,3,0,2,3].concat(e).concat([0,0,0,0,0,0]));return[0,1,2,3,4,5].forEach(e=>t.push(n>>5*(5-e)&31)),t}function rc(t){let n=BigInt(0);for(let e=0;e<20;e++){var i=BigInt(t[e]);n=(n<<BigInt(8))+i}let r=[0];for(let e=0;e<32;e++)r.push(Number((n>>BigInt(160-5*(e+1)))%BigInt(32)));r=r.concat(bc(r));let a="bc1";return r.forEach((e,t)=>a+="qpzry9x8gf2tvdw0s3jn54khce6mua7l"[e]),a}function fi(e){$("fi").innerHTML=e}function pi(e,t=!1){t&&(e="<font color='red'>error: "+e+"</font>"),$("pi").innerHTML=e}function pf(e){pi(""),fi(""),1!=e.target.files.length?pi("too many/few files selected.",!0):(fi("filename: "+(e=e.target.files[0]).name+"<br />filesize: "+e.size+" bytes"),e.size<128?pi("file is too small.",!0):e.slice(e.size-128,e.size).arrayBuffer().then(t=>{let n=new Uint8Array(t),i=n.slice(0,8);"DEADBOLT".split("").forEach((e,t)=>{i[t]!=e.charCodeAt(0)&&(ok=!1)});var r=n.slice(112,116);if(0==r[0]&&0==r[1]&&0==r[2]&&0==r[3])pi("this file was encrypted with an older version of DEADBOLT. please contact your vendor for assistance in recovering the portal.",!0);else{r=rc(n.slice(16,36));let e=new DataView(t);pi("payment address: <b><span class='db'>"+r+"</span></b><br />\npayment amount : <b><span class='db'>"+parseFloat(e.getFloat32(112).toFixed(4))+" BTC</span></b>")}}))}</script></body></html>
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

What "Team" are you talking to? This is a user forum!

Just read this thread..instructions on what to do (pay the ransom) have been given many many times
davemx
First post
Posts: 1
Joined: Sat Dec 17, 2022 10:52 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by davemx »

Good morning everyone,
On October 11, 2022 my QNAP was encrypted by DeadBolt, but I haven't found the page for paying for the decryption key. Where can I find it inside the NAS? I searched in folders, files (opened several PHP, TXT and others), the log-in page, etc. But nothing.

Using the site https://deadbolt.responders.nu/ and inserting a file with *.deadbolt extension I found the key:
b99e7925e290a18c23288e3341417b5cca8458095c8b17cbe6d860b9785b2e75
The site does not return the decryption key.

Please help me, I don't have any other ideas. :roll: :roll:

Many Thanks
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

Please read the first post (including a way to get the payment address from encrypted files)

There is no website that will give you a key..you need to pay the ransom to get the key
pich_sp@msn.com
New here
Posts: 6
Joined: Wed Dec 21, 2022 12:26 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by pich_sp@msn.com »

Can anyone help me provide the decryption key for vvvv ? Please

You can make a payment of (exactly) 0.050000 bitcoin to the following address:
belqhpwjqt5yt537qq600zq4j3wg8nslnf2wdur5fe
dolbyman
Guru
Posts: 35249
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

wrong payment address please recheck (needs to be EXACT no typos)
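
The trailer layout read by the HTML tool quoted earlier in this thread, and the "needs to be EXACT" check on a payment address, as an added JavaScript (Node.js) example that is not part of any forum post: it reads the same offsets as the tool (magic at 0, 20-byte program at 16, big-endian float32 amount at 112) and verifies a bc1 address's bech32 checksum, which a mistyped character fails. Unlike the quoted tool, which compares the DEADBOLT magic but never acts on the result, this version stops on a mismatch; the function names and the sample trailer are constructed for illustration.

```javascript
const CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
const HRP_BC = [3, 3, 0, 2, 3]; // bech32 expansion of the prefix "bc"
function polymod(values) {
  let chk = 1;
  for (const v of values) {
    const top = chk >> 25;
    chk = ((chk & 0x1ffffff) << 5) ^ v;
    for (let i = 0; i < 5; i++) if ((top >> i) & 1) chk ^= GEN[i];
  }
  return chk;
}

// 20-byte witness program -> version-0 bech32 address (bc1q...)
function encodeAddress(program) {
  let bits = 0n;
  for (const b of program) bits = (bits << 8n) | BigInt(b);
  const data = [0]; // witness version 0
  for (let i = 0; i < 32; i++) data.push(Number((bits >> BigInt(155 - 5 * i)) & 31n));
  const pm = polymod([...HRP_BC, ...data, 0, 0, 0, 0, 0, 0]) ^ 1;
  for (let i = 0; i < 6; i++) data.push((pm >> (5 * (5 - i))) & 31);
  return "bc1" + data.map((d) => CHARSET[d]).join("");
}

// True only for a bc1 address with a valid bech32 checksum (a mistyped character fails).
function checksumOk(addr) {
  const s = addr.trim().toLowerCase();
  const data = [...s.slice(3)].map((c) => CHARSET.indexOf(c));
  if (!s.startsWith("bc1") || data.length < 7 || data.includes(-1)) return false;
  return polymod([...HRP_BC, ...data]) === 1;
}

// trailer: the final 128 bytes of a .deadbolt file (Uint8Array or Buffer)
function parseTrailer(trailer) {
  if (trailer.length !== 128) throw new Error("need exactly the last 128 bytes");
  if (String.fromCharCode(...trailer.slice(0, 8)) !== "DEADBOLT") return { status: "not-deadbolt" };
  if (trailer.slice(112, 116).every((b) => b === 0)) return { status: "older-version" };
  const raw = new DataView(trailer.buffer, trailer.byteOffset, 128).getFloat32(112); // big-endian
  return { status: "ok", address: encodeAddress(trailer.slice(16, 36)), amount: parseFloat(raw.toFixed(4)) };
}

// Constructed sample trailer (not from a real file): BIP173 test program, 0.05 BTC.
function sampleTrailer() {
  const t = new Uint8Array(128);
  t.set([..."DEADBOLT"].map((c) => c.charCodeAt(0)), 0);
  t.set(Buffer.from("751e76e8199196d454941c45d1b3a323f1433bd6", "hex"), 16);
  new DataView(t.buffer).setFloat32(112, 0.05);
  return t;
}
```

For a real file, pass the last 128 bytes, for example `fs.readFileSync(path).subarray(-128)`.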