
DeadBolt ransomware Support Topic - QNAP ASUSTOR devices (.deadbolt extension)


706 replies to this topic

#706 venzoja


Posted 18 September 2023 - 02:16 AM

Hi everybody,

QNAP Support advised me to search for help here: I was affected by DeadBolt at the end of July 2022, discovered it around Christmas, and since that time I have been trying to find out where to send the ransom.

I never saw any ransom note; I probably did some updates before even knowing that I was affected. There is a "Deadbolt Payment Information Tool" but it does not work (I guess it's for files decrypted after September 2022).

There is some advice on working with PuTTY that I tried to follow, but honestly I do not really understand what to do there.

QNAP Support told me:

- the DeadBolt page could not be restored by QNAP Support
- the compromised index.html is missing in the quarantine area
- I shall ask here if there is a possibility to pay the ransom without the compromised landing page
- QNAP Support uploaded an encrypted file to https://deadbolt.responders.nu/upload/, got the address "a450af299a6bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2b" and asks if this is a valid payment address (but I guess it's not)

Can anybody help me, or was anybody in that situation before?

Did you try uploading here?

I see a450af299a6bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2b

You need to preserve the original record as you received it and break it down into its various pieces. I think the puzzle's close by. Maybe you should contact a bitcoin address expert.

  • The Legacy address for the first cryptocurrency consists of 34 characters,
  • SegWit addresses (Bech32) most often include 42 characters,
  • Taproot (Bech32m) has 62 characters.

I - P2PKH, address starts with "1"
II - P2SH, address starts with "3"
III - Bech32, address starts with "bc1"

a450af299a6bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2b = 64

bc1d850bbfa4f022c865f8e1359427d0b31cbffa17 = 42

  • bc1d850bbfa4f022c865f8e1359427d0b31cbffa17a450af299a6f1da56dae2b
  • bc1d850bbfa4f022c865f8e1359427d0b31cbffa17f1da56dae2ba450af299a6
  • bc1d850bbfa4f022c865f8e1359427d0b31cbffa17 a450af299a6f1da56dae2b
  • bc1d850bbfa4f022c865f8e1359427d0b31cbffa17 f1da56dae2ba450af299a6

https://deadbolt.responders.nu/

Edited by venzoja, 18 September 2023 - 02:21 AM.
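
As an added example (not part of any poster's message, and not code from this site, QNAP or the responders.nu tool), the Python sketch below checks a string against the address formats listed in the post above: Base58Check for P2PKH and P2SH, and the BIP-173 / BIP-350 checksum for `bc1` addresses. It validates format and checksum only, for mainnet addresses; the function names are this example's own, and it does not check the witness-program length.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # no "1", "b", "i" or "o"

def polymod(values):  # BIP-173 checksum polynomial over 5-bit symbols
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def segwit_kind(addr):
    if addr != addr.lower() and addr != addr.upper():
        return None  # mixed case is rejected
    data = addr.lower()[3:]  # symbols after the "bc1" prefix
    if len(data) < 7 or any(c not in B32 for c in data):
        return None
    # [3, 3, 0, 2, 3] is the checksum expansion of the "bc" prefix
    const = polymod([3, 3, 0, 2, 3] + [B32.index(c) for c in data])
    version = B32.index(data[0])
    if const == 1 and version == 0:
        return "Bech32"
    if const == 0x2BC830A3 and 1 <= version <= 16:
        return "Bech32m"
    return None

def base58_kind(addr):
    if not addr or any(c not in B58 for c in addr):
        return None
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading "1" is a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # version byte + 20-byte hash + 4-byte checksum
        return None
    if hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] != raw[-4:]:
        return None
    return {0: "P2PKH", 5: "P2SH"}.get(raw[0])

def classify(addr):
    """Return the address type, or None if addr is not a valid mainnet address."""
    addr = addr.strip()
    return segwit_kind(addr) if addr.lower().startswith("bc1") else base58_kind(addr)
```

`classify` returns `None` for the 64-character value quoted in the post and for the 42-character rearrangement beginning `bc1d850`, because neither passes the character-set and checksum rules of any of the three formats. A string that does pass is only well-formed; the check says nothing about who controls the address.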



#707 pepe1060


Posted 12 April 2024 - 03:10 AM

Hi,
Maybe someone will be able to help me too.
My address:
bc1qwq9veg0fjpngajkmj9zvwmf3adzh8jcr3vvw34





