[RANSOMWARE] >>READ 1st Post<< Deadbolt
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
No, did check last time abt. 2 hours ago.
My guess, this is all an automated process, so lets hope that increasing the fee will result in an OP_Return.
Good luck.
Regards
My guess, this is all an automated process, so lets hope that increasing the fee will result in an OP_Return.
Good luck.
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Seems you are a lucky one...illusion_venz wrote: ↑Mon Jun 05, 2023 4:33 pm ...
No luck. I've increased it to the updated amount 0.05.
expensive lesson, but still no luck . Or do you see an OP return code?
Thanks for the help
OP_RETURN a64e7cb4bf6882415c2cdd44ecab7d1f
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 4
- Joined: Sun Jul 16, 2017 8:16 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
That made my day! Thanks!FSC830 wrote: ↑Tue Jun 06, 2023 2:09 pmSeems you are a lucky one...illusion_venz wrote: ↑Mon Jun 05, 2023 4:33 pm ...
No luck. I've increased it to the updated amount 0.05.
expensive lesson, but still no luck . Or do you see an OP return code?
Thanks for the help
OP_RETURN a64e7cb4bf6882415c2cdd44ecab7d1f
Regards
My QNAP will never be reachable via internet again! next to a tripple backup
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Yes, and?
Several dozen times mentioned here, that an USB drive (or even 2 or 3 or...) is much cheaper than paying the ransom.
But there will be always people who will learning this the hard (expensive) way... .
No risk - no fun...
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
As countless times said here and in other threads: with a VPN service at your router and a VPN client at your mobile you should be able to access from everywhere you are staying - in the safest way you can choose.illusion_venz wrote: ↑Tue Jun 06, 2023 5:00 pm ...
My QNAP will never be reachable via internet again! next to a tripple backup
All other access methods are less safe up to very insecure (port forwardings, myqnapcloud, ...).
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 4
- Joined: Thu Jun 08, 2023 11:43 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
seems that i'm on the 0.05BTC list and so far the deadbolt address hasn't been tracked by Dutch authorities and the decryption key isn't available from them. trying to find any avenue to restore the files (mainly pictures) I've been searching through the blockchain site but not seeing the OP_Return from the new interface on the blockchain site. Yes I checked the instructions in the previous post.
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
This is still an English forum, so if you want to converse in dutch, check here
https://forum.qnapclub.be/index.php
And it has been discussed on end that the dutch authorities did nothing other than to pay/cancel the transaction to the criminals but they (the criminals) smartened up and are now delaying payments until each transaction has been confirmed plenty of times
So no need to hope for any authorities to step in .. pay up or live without these files
https://forum.qnapclub.be/index.php
And it has been discussed on end that the dutch authorities did nothing other than to pay/cancel the transaction to the criminals but they (the criminals) smartened up and are now delaying payments until each transaction has been confirmed plenty of times
So no need to hope for any authorities to step in .. pay up or live without these files
-
- First post
- Posts: 1
- Joined: Fri Jun 09, 2023 11:31 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
I am not able to find the OP_Return after paid the ransom more than 72 hours. Does it take more time recently ?
@bc1qs3er2w3s98e0tca3ztjz2kt7lsk07kqvpw5f2n
@bc1qs3er2w3s98e0tca3ztjz2kt7lsk07kqvpw5f2n
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
You can always check the wallet of the criminals..last decryption code was sent out on the 5th
https://www.blockchain.com/explorer/add ... 8ajvsmfjjl
https://www.blockchain.com/explorer/add ... 8ajvsmfjjl
-
- New here
- Posts: 6
- Joined: Thu May 18, 2023 5:04 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
I am still trying to get the ransom page or the adress where to send the ransom. I had some contact with QNAP Support and I was told:dosborne wrote: ↑Fri May 19, 2023 10:28 amDid you try the steps listed here:
viewtopic.php?f=45&t=164797&start=1380#p825512
- deadbolt-page could not be restored by QNAP support
- the compromised index.hmtl is missing in the quarantine area
- I shall ask in forums if there is a possibility to pay the ransom without the compromised landing page
- QNAP Support uploaded an encrypted file to https://deadbolt.responders.nu/upload/, got the adress "a450af299a6bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2b" and asks if this is a valid payment adress ( I thought they all begin with "bc...")
Does anybody else have an idea or was in that situation before?
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
check the first page ..the payment adress tool is there
this only works if the infection happened AFTER September 2022
this only works if the infection happened AFTER September 2022
-
- New here
- Posts: 6
- Joined: Thu May 18, 2023 5:04 pm
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Then you are out of luck
-
- First post
- Posts: 1
- Joined: Mon Jun 12, 2023 9:45 pm
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Hello, looking for some help/advice (I didn't have a back up yes I know I'm an idiot!)
NAS had not been used for a long time, went to find a file but have been hit with the Deadbolt ransomware.
The autopatch and Malware tool meant I needed to use the SSH/putty method to get the Ransomware page back
The File update dates show as 2022-09-03 04:00:09
Do we know if the version I have can be recovered if I paid?
The request is for 0.05 Bitcoin
NAS had not been used for a long time, went to find a file but have been hit with the Deadbolt ransomware.
The autopatch and Malware tool meant I needed to use the SSH/putty method to get the Ransomware page back
The File update dates show as 2022-09-03 04:00:09
Do we know if the version I have can be recovered if I paid?
The request is for 0.05 Bitcoin
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt
Just read the first page...key issue is never a guarantee..you are dealing with criminals