[RANSOMWARE] >>READ 1st Post<< Deadbolt

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

No, did check last time abt. 2 hours ago.
My guess, this is all an automated process, so lets hope that increasing the fee will result in an OP_Return.

Good luck.

Regards
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

illusion_venz wrote: Mon Jun 05, 2023 4:33 pm ...
No luck. I've increased it to the updated amount 0.05.

expensive lesson, but still no luck :( . Or do you see an OP return code?

Thanks for the help
Seems you are a lucky one...
OP_RETURN a64e7cb4bf6882415c2cdd44ecab7d1f

Regards
illusion_venz
New here
Posts: 4
Joined: Sun Jul 16, 2017 8:16 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by illusion_venz »

FSC830 wrote: Tue Jun 06, 2023 2:09 pm
illusion_venz wrote: Mon Jun 05, 2023 4:33 pm ...
No luck. I've increased it to the updated amount 0.05.

expensive lesson, but still no luck :( . Or do you see an OP return code?

Thanks for the help
Seems you are a lucky one...
OP_RETURN a64e7cb4bf6882415c2cdd44ecab7d1f

Regards
That made my day! Thanks!

My QNAP will never be reachable via internet again! next to a tripple backup :)
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

DeltaBlock wrote: Tue Jun 06, 2023 6:04 pm 0.05BTC is equal to over more than 1200euro/dollar... :!: :!: :!: :!:
Yes, and?
Several dozen times mentioned here, that an USB drive (or even 2 or 3 or...) is much cheaper than paying the ransom.
But there will be always people who will learning this the hard (expensive) way... 8) .

No risk - no fun... :P

Regards
FSC830
Experience counts
Posts: 2043
Joined: Thu Mar 03, 2016 1:11 am

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by FSC830 »

illusion_venz wrote: Tue Jun 06, 2023 5:00 pm ...
My QNAP will never be reachable via internet again! next to a tripple backup :)
As countless times said here and in other threads: with a VPN service at your router and a VPN client at your mobile you should be able to access from everywhere you are staying - in the safest way you can choose.

All other access methods are less safe up to very insecure (port forwardings, myqnapcloud, ...).

Regards
baseballfan44
New here
Posts: 4
Joined: Thu Jun 08, 2023 11:43 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by baseballfan44 »

seems that i'm on the 0.05BTC list and so far the deadbolt address hasn't been tracked by Dutch authorities and the decryption key isn't available from them. trying to find any avenue to restore the files (mainly pictures) I've been searching through the blockchain site but not seeing the OP_Return from the new interface on the blockchain site. Yes I checked the instructions in the previous post.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

This is still an English forum, so if you want to converse in dutch, check here

https://forum.qnapclub.be/index.php

And it has been discussed on end that the dutch authorities did nothing other than to pay/cancel the transaction to the criminals but they (the criminals) smartened up and are now delaying payments until each transaction has been confirmed plenty of times

So no need to hope for any authorities to step in .. pay up or live without these files
edlin
First post
Posts: 1
Joined: Fri Jun 09, 2023 11:31 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by edlin »

I am not able to find the OP_Return after paid the ransom more than 72 hours. Does it take more time recently ?
@bc1qs3er2w3s98e0tca3ztjz2kt7lsk07kqvpw5f2n
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

You can always check the wallet of the criminals..last decryption code was sent out on the 5th

https://www.blockchain.com/explorer/add ... 8ajvsmfjjl
Zandone
New here
Posts: 6
Joined: Thu May 18, 2023 5:04 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Zandone »

dosborne wrote: Fri May 19, 2023 10:28 am
Zandone wrote: Thu May 18, 2023 8:22 pm Maybe anyone has other experiences in restoring the ransom page the way I tried so far?
Did you try the steps listed here:
viewtopic.php?f=45&t=164797&start=1380#p825512
I am still trying to get the ransom page or the adress where to send the ransom. I had some contact with QNAP Support and I was told:
- deadbolt-page could not be restored by QNAP support
- the compromised index.hmtl is missing in the quarantine area
- I shall ask in forums if there is a possibility to pay the ransom without the compromised landing page
- QNAP Support uploaded an encrypted file to https://deadbolt.responders.nu/upload/, got the adress "a450af299a6bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2b" and asks if this is a valid payment adress :?: :?: :?: ( I thought they all begin with "bc...")

Does anybody else have an idea or was in that situation before? :S
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

check the first page ..the payment adress tool is there

this only works if the infection happened AFTER September 2022
Zandone
New here
Posts: 6
Joined: Thu May 18, 2023 5:04 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Zandone »

dolbyman wrote: Mon Jun 12, 2023 9:33 pm check the first page ..the payment adress tool is there

this only works if the infection happened AFTER September 2022
Thanks, but I already tried that - did not work, my files were encrypted by an older version of deadbolt.
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

Then you are out of luck
Bee2000
First post
Posts: 1
Joined: Mon Jun 12, 2023 9:45 pm

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by Bee2000 »

Hello, looking for some help/advice (I didn't have a back up yes I know I'm an idiot!)

NAS had not been used for a long time, went to find a file but have been hit with the Deadbolt ransomware.
The autopatch and Malware tool meant I needed to use the SSH/putty method to get the Ransomware page back
The File update dates show as 2022-09-03 04:00:09
Do we know if the version I have can be recovered if I paid?

The request is for 0.05 Bitcoin
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [RANSOMWARE] >>READ 1st Post<< Deadbolt

Post by dolbyman »

Just read the first page...key issue is never a guarantee..you are dealing with criminals
Post Reply

Return to “Users' Corner”