[RANSOMWARE] >>READ 1st Post<< Deadbolt

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
coronadilione
New here
Posts: 3
Joined: Fri Jan 20, 2023 5:49 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by coronadilione »

FSC830 wrote: Fri Jan 20, 2023 8:12 pm
coronadilione wrote: Fri Jan 20, 2023 8:06 pm ...
OP_RETURN is e6a1be45a860dde76bec27c033de11c1

Regards
Thank you very much

You saved my LiFe and my FiLe

leonardo (ITALY)
mlzsmg
New here
Posts: 5
Joined: Sat Jul 11, 2015 9:22 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by mlzsmg »

FSC830 wrote: Fri Jan 20, 2023 8:16 pm
mlzsmg wrote: Fri Jan 20, 2023 3:43 am I paid to bc1qdzylfqnezqme4xtkx8un8s7eg49c82fhwlfhnt 6 days ago, 0.03BTC exactly. This was what was requested via the page once restored. As yet I've only had my 1 transaction recorded. I paid via coinbase. Have I screwed this up? Has anyone else had success after a week of waiting?
Thanks in advance
OP_RETURN is 6a2a9c90d775640031df6b36f1c10a3f

Regards
Thanks everyone. The OP_RETURN indeed came through on Friday and everything I needed is now recovered.
lostmyNas
New here
Posts: 6
Joined: Fri Dec 30, 2022 12:23 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by lostmyNas »

Hi Dolbyman,

i revisited the link and i see transactions there, can you please help me identify the key ? i have also got the below instructions and have no idea how to use them in my Nas, Can i use this decrypter to go into windows command prompt of my files in Nas to do something ? also i paid through the cash app page set by the ransomware people. and it is showing as paid. but i am unable to get the key from the transactions.

Status: Paid
Instruction

After download unpack archive and upload decryptor_linux* file to your NAS.
After upload run command in terminal: chmod +x ./decryptor_linux && ./decryptor_linux
Or copy crypted files to another device and start decryptor program with start directory paramether.
Example in linux: chmod +x ./decryptor_linux* && ./decryptor_linux* -s /destination/dir
Example in windows(command line): decryptor_windows.exe -s C:\destination\dir
Star symbol replace to your processor architecture. Before decrypting make sure you have at least 1-2 gigabytes of free space.
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

lostmyNas wrote: Mon Jan 23, 2023 8:23 pm ...also i paid through the cash app page set by the ransomware people. and it is showing as paid. but i am unable to get the key from the transactions.

Status: Paid
Instruction
...
Please provide the hash key you used for the payment. It starts with bc1 (b-c-one) and is your individual key for the ransom.

Regards

Edit: This was already told you on Dec. 30th, 2022!
Without the hash - no OP_Return.
macscrap
New here
Posts: 2
Joined: Thu Jan 26, 2023 6:33 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by macscrap »

i tried to find the output with op_return but can't. my transaction id 83a39d8b7ce13d54061340cde7bef2c021c25b1956cf8491043b1e45b818a920 paid for hash bc1qc0s086cgqjp4m3v7dsym7pyeqwzw6vvfj0gv5a
who can i get the decryption key?
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

op return can be found here

https://explorer.viawallet.com/btc/tx/6 ... d05d27fd61

key is ac3ab1fd17456b98496ab5f25bed2629
macscrap
New here
Posts: 2
Joined: Thu Jan 26, 2023 6:33 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by macscrap »

thanks a lot
PedrosMartinez
New here
Posts: 3
Joined: Tue Feb 14, 2023 1:14 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by PedrosMartinez »

After looong journey with QNAP Support I'm done. They were unable to find or even recover the Deadbolt page. Only things I have now are encrypted files without knowing address where I could pay to get decryption key. Is there any possibility to retreive the BTC addres using encrypted file?
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

As always, read the first page .. if your infection is AFTER September 2022 then you can use the linked tool, if before you are SOL ..
PedrosMartinez
New here
Posts: 3
Joined: Tue Feb 14, 2023 1:14 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by PedrosMartinez »

That's the point I'm not sure when infection took place. I tried using the "tool" and received same result with every file with deadbolt extension "bc1qy547gt8hc7ahnuh60l0pukmh0amlxvz8wmrz4q". If my QNAP was encrypted before September would the tool even work with infected file or it will not return anything?
PeterT1959
Know my way around
Posts: 201
Joined: Mon Nov 19, 2012 11:16 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by PeterT1959 »

My recollection is that the tool would not display anything on older attacks.

The value returned looks very much like a valid Bitcoin address

Sent from my Pixel 4a using Tapatalk

User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

On random files I tested, it would display random bitcoin addresses with random ransom amounts, if the ransom amount is correct (0.05BTC) and the address is always the same, you found your information
Wooders1973
New here
Posts: 6
Joined: Tue Jan 24, 2023 10:45 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Wooders1973 »

Hello,

I had a QNAP drive encrypted with deadbolt but teh actual device stopped working. I have another QNAP now but despite QNAP support trying to help they cannot get the original ransom note. I've used the tool described earlier and have a payment address: bc1qesp2u4s8wdxskyjyfyqaskfepwdkpq2nr6f3wf
payment amount : 0.05 BTC

But i'm afraid i have no idea how to actually pay the ransom. I understand i have to pay this address and then get an op_return with the decrypt key and then use the Emisoft tool to decrypt my files. But i've no idea how to make the payment and make sure that after any charges I do pay 0.05 BTC. If i setup a Blockchain account how do i pay from this to the payment address.

Would somebody help me out either on this page or by messaging me privately. I'm worried that as this is quite a lot of money i'll get it wrong and not being that good with this type of thing i'd prefer to ask for help.

Thanks

Chris
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

There is no PM in this forum.

Depending on your geo location, payment to a bitcoin address can be as easy as going to an atm.

Be very careful with asking in a public forum for help (like reddit) you risk getting scammed all over again...yes there is bad people everywhere.
Wooders1973
New here
Posts: 6
Joined: Tue Jan 24, 2023 10:45 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Wooders1973 »

Apologies, I didn't know there was no private messaging.

I'll have to see if I can work out how to do it, thanks.
Post Reply

Return to “Users' Corner”