[RANSOMWARE] >>READ 1st Post<< Deadbolt
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
The answer is literally in the post above yours ... ooof
https://explorer.viawallet.com/btc/tx/3 ... db75e08115
OP_RETURN 7b577d48ac90ee1eeda204b8b8a3d583
https://explorer.viawallet.com/btc/tx/3 ... db75e08115
OP_RETURN 7b577d48ac90ee1eeda204b8b8a3d583
-
- New here
- Posts: 2
- Joined: Wed Mar 15, 2023 7:27 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Thank you very much.dolbyman wrote: ↑Wed Mar 29, 2023 3:01 am The answer is literally in the post above yours ... ooof
https://explorer.viawallet.com/btc/tx/3 ... db75e08115
OP_RETURN 7b577d48ac90ee1eeda204b8b8a3d583
God grant you health!
What is better to use for decoding? EmsiSoft or bring back the Deadbolt interface?
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Before you turn religious on me .. just never ever expose your NAS online again .. no deity is needed to help.
I don't know what decrypter is better, if you still have the original de-crypt interface, maybe make use of that
I think the original one decrypts on the spot and the 3rd party one wants an external storage device
I don't know what decrypter is better, if you still have the original de-crypt interface, maybe make use of that
I think the original one decrypts on the spot and the 3rd party one wants an external storage device
-
- New here
- Posts: 4
- Joined: Mon Mar 27, 2023 7:16 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Success! Key worked and all files are restored!! Thanks for support Dolbyman! <3
-
- New here
- Posts: 4
- Joined: Mon Mar 27, 2023 7:16 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
I used the original deadbolt splash page (reinstated by QNAP help desk) and it decided on the spot with full metadata.
-
- New here
- Posts: 2
- Joined: Fri Apr 21, 2023 8:19 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Anyone has received the decrypt key recently? Paid ransom more than 72 hours ago and still only one transaction.
bc1qtwmxvzzghpv625xftz59q9wl8u2m7wpyt7w9rv
bc1qtwmxvzzghpv625xftz59q9wl8u2m7wpyt7w9rv
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
-
- New here
- Posts: 2
- Joined: Fri Apr 21, 2023 8:19 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Thank you. Hopefully can still get the key. Some important data there...
-
- Experience counts
- Posts: 1819
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Consider a backup plan for "important data" for the next time.....
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
You are lucky: OP_Return is aaf8cad41cf6cf61b0aa6d0ba7d8029d.
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 5
- Joined: Mon Dec 05, 2022 7:29 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Greetings. I have a NAS affected by deadbolt ransomware. Unfortunately in the nas (QNAP TS-212) the firmware has been updated to the latest version and this has removed the web page with the information to make the payment, so now I don't know how to pay and recover my data. Through the site https://deadbolt.responders.nu/ I uploaded a file and it returns the Sha256 decryption key "c875ef7b87a78a5a0f166f14352a5a97979a5fb1b137e2d6abf6801a6df14820". Would anyone be so kind as to help me please?
- OneCD
- Guru
- Posts: 12146
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
You have already asked about this, and received an answer here.
It seems your NAS was encrypted long-ago, and you were slow to respond to the hack. My guess: it's now far too late to attempt recovery.
-
- New here
- Posts: 6
- Joined: Thu May 18, 2023 5:04 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello everybody,
I did now read for some time in this topic, watched some youtube videos and contacted QNAP support - but I guess I still need some help
So far I failed to recover the ransompage to find out where to send the ransom. I have no idea what a PuTTY is, but at least I could generate the message attached. Any advice how to go on from here?
I found some anwers saying "search manually for ... extract anything from there..." - but I'm sorry, I would need the exact steps written down that I need to copy in that command line
I did now read for some time in this topic, watched some youtube videos and contacted QNAP support - but I guess I still need some help
So far I failed to recover the ransompage to find out where to send the ransom. I have no idea what a PuTTY is, but at least I could generate the message attached. Any advice how to go on from here?
I found some anwers saying "search manually for ... extract anything from there..." - but I'm sorry, I would need the exact steps written down that I need to copy in that command line
You do not have the required permissions to view the files attached to this post.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Just read the first page and use they ransom adress extractor
Then pay the criminals and hope they release the key
Then pay the criminals and hope they release the key
-
- New here
- Posts: 6
- Joined: Thu May 18, 2023 5:04 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Thank you, the "Deadbolt Payment Information Tool" does not work, since my files were encrypted by an older version of deadbolt. Maybe anyone has other experiences in restoring the ransom page the way I tried so far?