[RANSOMWARE] >>READ 1st Post<< Deadbolt

[dolbyman]

The answer is literally in the post above yours ... ooof

https://explorer.viawallet.com/btc/tx/3 ... db75e08115

OP_RETURN 7b577d48ac90ee1eeda204b8b8a3d583

[turutkin]

The answer is literally in the post above yours ... ooof

https://explorer.viawallet.com/btc/tx/3 ... db75e08115

OP_RETURN 7b577d48ac90ee1eeda204b8b8a3d583

Thank you very much.
God grant you health!
What is better to use for decoding? EmsiSoft or bring back the Deadbolt interface?

[dolbyman]

Before you turn religious on me .. just never ever expose your NAS online again .. no deity is needed to help.

I don't know what decrypter is better, if you still have the original de-crypt interface, maybe make use of that

I think the original one decrypts on the spot and the 3rd party one wants an external storage device

[Laxdave]

Success! Key worked and all files are restored!! Thanks for support Dolbyman! <3

[Laxdave]

I used the original deadbolt splash page (reinstated by QNAP help desk) and it decided on the spot with full metadata.

[Phocean]

Anyone has received the decrypt key recently? Paid ransom more than 72 hours ago and still only one transaction.

bc1qtwmxvzzghpv625xftz59q9wl8u2m7wpyt7w9rv

[dolbyman]

no transactions from the criminals in a week

https://www.blockchain.com/explorer/add ... 8ajvsmfjjl

[Phocean]

Thank you. Hopefully can still get the key. Some important data there...

[dosborne]

Thank you. Hopefully can still get the key. Some important data there...

Consider a backup plan for "important data" for the next time.....

[FSC830]

Anyone has received the decrypt key recently? Paid ransom more than 72 hours ago and still only one transaction.

bc1qtwmxvzzghpv625xftz59q9wl8u2m7wpyt7w9rv

You are lucky: OP_Return is aaf8cad41cf6cf61b0aa6d0ba7d8029d.

Regards

[virtualdimension]

Greetings. I have a NAS affected by deadbolt ransomware. Unfortunately in the nas (QNAP TS-212) the firmware has been updated to the latest version and this has removed the web page with the information to make the payment, so now I don't know how to pay and recover my data. Through the site https://deadbolt.responders.nu/ I uploaded a file and it returns the Sha256 decryption key "c875ef7b87a78a5a0f166f14352a5a97979a5fb1b137e2d6abf6801a6df14820". Would anyone be so kind as to help me please?

[OneCD]

Would anyone be so kind as to help me please?

You have already asked about this, and received an answer here.

It seems your NAS was encrypted long-ago, and you were slow to respond to the hack. My guess: it's now far too late to attempt recovery.

[Zandone]

Hello everybody,

I did now read for some time in this topic, watched some youtube videos and contacted QNAP support - but I guess I still need some help

So far I failed to recover the ransompage to find out where to send the ransom. I have no idea what a PuTTY is, but at least I could generate the message attached. Any advice how to go on from here?

I found some anwers saying "search manually for ... extract anything from there..." - but I'm sorry, I would need the exact steps written down that I need to copy in that command line

[dolbyman]

Just read the first page and use they ransom adress extractor
Then pay the criminals and hope they release the key

[Zandone]

Thank you, the "Deadbolt Payment Information Tool" does not work, since my files were encrypted by an older version of deadbolt. Maybe anyone has other experiences in restoring the ransom page the way I tried so far?