Thanks! And sorry for not seeing it.dolbyman wrote: ↑Sun Dec 04, 2022 11:09 pmYour key was posted in the 1st of Decemberffxf1 wrote: ↑Sun Dec 04, 2022 10:16 pm No response to payment to address https://www.blockchain.com/btc/address/ ... v97azx758s for more than 72 hours (unless I am blind). Are the criminals taking longer and longer or have they stopped to return encryption keys?
Thanks in advance to everyone taking a look!
key:
a8b10ae4d4031df7b303c1ab0d2e9d54
[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- New here
- Posts: 3
- Joined: Sun Dec 04, 2022 10:12 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- New here
- Posts: 5
- Joined: Mon Dec 05, 2022 7:29 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
@OneCD I can no longer access the nas and I have no way to make the payment. The only thing I can do is connect a disk of my NAS with all the encrypted files inside and send you a file of these to allow you to trace the key, send me the link to make the payment and then send me the decryption procedure.
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Read the first post(see title of this topic)..a tool to access your payment info from a file only has been in there for a while (if NAS was hacked September or later)
-
- New here
- Posts: 5
- Joined: Mon Dec 05, 2022 7:29 am
Re: [RANSOMWARE] Deadbolt
You do not have the required permissions to view the files attached to this post.
Last edited by virtualdimension on Mon Dec 05, 2022 8:30 am, edited 2 times in total.
-
- New here
- Posts: 5
- Joined: Mon Dec 05, 2022 7:29 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
You do not have the required permissions to view the files attached to this post.
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
use the tool to get the payment address..then pay the criminals and wait for the key
-
- New here
- Posts: 5
- Joined: Mon Dec 05, 2022 7:29 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Which tool?
I can't access my nas anymore (ethernet port doesn't work). I can only attach one on my nas disk externally e watch encrypted files. And now? How can I do to launch the tool and make the payment?
If I use the HTML code posted by you, it say me that my version on deadbolt is old and I can't use this methos.
You do not have the required permissions to view the files attached to this post.
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Then you have been hacked before September 2022 and the payment info is not embedded in the files..so nobody here can get that payment info for you
You might have to find a local specialist that can help you..they probably will cost more than the ransom (the ransom will still need to be paid though)
You might have to find a local specialist that can help you..they probably will cost more than the ransom (the ransom will still need to be paid though)
-
- Experience counts
- Posts: 1819
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Follow the link in the signature under my post (or in the first post in this thread). It gives you a number of ways to potentially retrieve the ransom address.virtualdimension wrote: ↑Mon Dec 05, 2022 8:38 am Which tool?
I can't access my nas anymore (ethernet port doesn't work). I can only attach one on my nas disk externally e watch encrypted files. And now?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- First post
- Posts: 1
- Joined: Wed Dec 07, 2022 3:30 am
Re: [RANSOMWARE] Deadbolt
Dear Team,
Does anyone has the experience of the SUCCESSFULL decryption code getting after payment on the address retrieved by the html tool?
My story is quite typical:
- September, 3rd - infection
- then NAS turned on for several month because of lack of understanding what to do further
- last week I decide finally to turn NAS back, take address and pay
- but the ransom page disappeared due to MR activity
- manual ssh connection procedure did not help
- as well as QNAP support - they reported that they've connected but can not retrieve the ransom page (it was even more strange - firstly they replied with some ranson page attached - I just thought "ok, perfect, thanks", but after two minutes they sent another email with the words: "Sorry there has been mistake in previous message. After checking again, we are unable to restore the correct ransom page." - I said "$#*@%!!!" )
- Finally html extracted bc1qcu0suveddm8mw67muhvd58tcnmdj2qhvyj29gm from the .deadbolt files (I tried several)
- Police website reported that the key for my case is not found
Before spending quite sensitive amount of money, I'd be confident as much as possible that I'll reach the goal.
Thanks in advance for any useful suggestions.
Regards!
Does anyone has the experience of the SUCCESSFULL decryption code getting after payment on the address retrieved by the html tool?
My story is quite typical:
- September, 3rd - infection
- then NAS turned on for several month because of lack of understanding what to do further
- last week I decide finally to turn NAS back, take address and pay
- but the ransom page disappeared due to MR activity
- manual ssh connection procedure did not help
- as well as QNAP support - they reported that they've connected but can not retrieve the ransom page (it was even more strange - firstly they replied with some ranson page attached - I just thought "ok, perfect, thanks", but after two minutes they sent another email with the words: "Sorry there has been mistake in previous message. After checking again, we are unable to restore the correct ransom page." - I said "$#*@%!!!" )
- Finally html extracted bc1qcu0suveddm8mw67muhvd58tcnmdj2qhvyj29gm from the .deadbolt files (I tried several)
- Police website reported that the key for my case is not found
Before spending quite sensitive amount of money, I'd be confident as much as possible that I'll reach the goal.
Thanks in advance for any useful suggestions.
Regards!
Fenaldar wrote: ↑Fri Sep 09, 2022 4:11 am Use this if you dont have the info page for paying:
Copy Code into html file and open.
Code: Select all
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>DEADBOLT Payment Information Tool</title><style>body{background:#222;color:#fff;font-family:"PT Mono",courier}input[type=file]{display:none}.fu{border:1px solid #ccc;display:inline-block;padding:6px 12px;cursor:pointer;color:#ccc}.fu:hover{border:1px solid red;color:#fff}.db{color:#30db97}center>p{width:600px;text-align:left}#main{position:absolute;top:50%;left:50%;transform:translateX(-50%) translateY(-50%);width:50em;background:#444;padding:15px;border:2px solid #139a43;border-radius:4px}</style></head><body><div id="main"><h1 style="text-align: center"><span class="db">DEADBOLT</span> Payment Information Tool</h1><p>Select encrypted (<b>.deadbolt</b> extension) file to retrieve the payment info in case you lost access to the <span class="db">DEADBOLT</span> portal page.</p><p>Please note: this only works for files encrypted by the <b>latest version</b> of <span class="db">DEADBOLT</span>. This tool will tell you if your file is compatible.</p><center><label class="fu"><input type="file" id="filebox" onchange="pf(event);"> 📄 select encrypted file</label></center><p id="fi"></p><p id="pi"></p></div><script>function $(e){return document.getElementById(e)}function bp(e){let n=[996825010,642813549,513874426,1027748829,705979059],i=1;return e.forEach(e=>{let t=i>>25;i=(33554431&i)<<5^e,[0,1,2,3,4].forEach(e=>{t>>e&1&&(i^=n[e])})}),i}function bc(e){let t=[],n=1^bp([3,3,0,2,3].concat(e).concat([0,0,0,0,0,0]));return[0,1,2,3,4,5].forEach(e=>t.push(n>>5*(5-e)&31)),t}function rc(t){let n=BigInt(0);for(let e=0;e<20;e++){var i=BigInt(t[e]);n=(n<<BigInt(8))+i}let r=[0];for(let e=0;e<32;e++)r.push(Number((n>>BigInt(160-5*(e+1)))%BigInt(32)));r=r.concat(bc(r));let a="bc1";return r.forEach((e,t)=>a+="qpzry9x8gf2tvdw0s3jn54khce6mua7l"[e]),a}function fi(e){$("fi").innerHTML=e}function pi(e,t=!1){t&&(e="<font color='red'>error: "+e+"</font>"),$("pi").innerHTML=e}function pf(e){pi(""),fi(""),1!=e.target.files.length?pi("too many/few files selected.",!0):(fi("filename: "+(e=e.target.files[0]).name+"<br />filesize: "+e.size+" bytes"),e.size<128?pi("file is too small.",!0):e.slice(e.size-128,e.size).arrayBuffer().then(t=>{let n=new Uint8Array(t),i=n.slice(0,8);"DEADBOLT".split("").forEach((e,t)=>{i[t]!=e.charCodeAt(0)&&(ok=!1)});var r=n.slice(112,116);if(0==r[0]&&0==r[1]&&0==r[2]&&0==r[3])pi("this file was encrypted with an older version of DEADBOLT. please contact your vendor for assistance in recovering the portal.",!0);else{r=rc(n.slice(16,36));let e=new DataView(t);pi("payment address: <b><span class='db'>"+r+"</span></b><br />\npayment amount : <b><span class='db'>"+parseFloat(e.getFloat32(112).toFixed(4))+" BTC</span></b>")}}))}</script></body></html>
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
What "Team" are you talking to? This is a user forum!
Just read this thread..instructions on what to do (pay the ransom) have been given many many times
Just read this thread..instructions on what to do (pay the ransom) have been given many many times
-
- First post
- Posts: 1
- Joined: Sat Dec 17, 2022 10:52 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Good morning everyone,
in October 11, 2022 my QNAP was encrypted with DeadBolt but I wasn't found the page for pay the decryption key. Where can I find it inside the NAS? I search in folder,file (open more PHP, TXT and others) and log-in page etc..... But nothing.
Using the site https://deadbolt.responders.nu/ and inserting a file with *.deadbolt extension I found the key:
b99e7925e290a18c23288e3341417b5cca8458095c8b17cbe6d860b9785b2e75
The site does not return the decryption key.
Please Help me i don't have others idea.
Many Thanks
in October 11, 2022 my QNAP was encrypted with DeadBolt but I wasn't found the page for pay the decryption key. Where can I find it inside the NAS? I search in folder,file (open more PHP, TXT and others) and log-in page etc..... But nothing.
Using the site https://deadbolt.responders.nu/ and inserting a file with *.deadbolt extension I found the key:
b99e7925e290a18c23288e3341417b5cca8458095c8b17cbe6d860b9785b2e75
The site does not return the decryption key.
Please Help me i don't have others idea.
Many Thanks
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Please read the first post (including a way to get the payment address from encrypted files)
There is no website that will give you a key..you need to pay the ransom to get the key
There is no website that will give you a key..you need to pay the ransom to get the key
-
- New here
- Posts: 6
- Joined: Wed Dec 21, 2022 12:26 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Can anyone help me provide the decryption key for vvvv ? Please
You can make a payment of (exactly) 0.050000 bitcoin to the following address:
belqhpwjqt5yt537qq600zq4j3wg8nslnf2wdur5fe
You can make a payment of (exactly) 0.050000 bitcoin to the following address:
belqhpwjqt5yt537qq600zq4j3wg8nslnf2wdur5fe
- dolbyman
- Guru
- Posts: 35268
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
wrong payment address please recheck (needs to be EXACT no typos)