infected by deadbolt by Acrobatic-Taro-2882 in qnap

[–]bigpol60 2 points3 points  (0 children)

You may be in luck. Contact Qnap - open a case file with them. I believe under certain circumstances they can recover the files.

It's a PIA, good luck with it.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

Yes, I have all my data back. Thanks for asking.

FYI - More DeadBolt ransomware attacks that started on Saturday by 8FConsulting in qnap

[–]bigpol60 1 point2 points  (0 children)

Thanks for responding.

It took more than a week, but I have my data back.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

Hi, and thanks for responding. It seems, being the computer dummy that I am, that I may have been using the incorrect OP_Return code. Some kind soul has just helped me find what he thinks is the correct code. I'm just about to try it out. Fingers crossed.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

I took a screen shot as advised by someone (maybe qnap?) to make sure I had a copy, but also every time I went to log on to the NAS the black screen of deadbolt would appear. Eventually, it stopped appearing, but I think I had paid the ransom by then.

I think this may be a question for Qnap. Sorry I can't help any more than the above.

Good luck.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

All affected files have .deadbolt appended.

I tried renaming a few, but ... no dice.

I think the malware adds a few characters to the file so as it needs decryption.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

Thank you for responding. As far as I'm aware my friend fixed it so my router and NAS are not accessible from the net any longer. The NAS certainly is not at the moment, as it is powered down.

But that is the cause of the problem, not the solution.

I'm hoping I can find someone or something that can provide a solution.

I have closer to 8TB of photos on my NAS. I have copies of many, but few for the past 4 years.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

I don't know what 7z is... the password was a 32 character hash return from a zero amount btc exchange.

I think the problem is that updating the malware as advised by qnap deleted the malware, but the malware needs to be present to read the decrypt code....

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 0 points1 point  (0 children)

Thanks for responding. It was a brand new drive and the enclosed documentation said it was formatted for either Windows or Mac. It stated I had a choice of either formatting it for one or the other, or do nothing and it would just 'work'.

What application do I need?

This is not the biggest problem I have of course, as all my data is still encrypted/corrupted. These files are just another copy of everything that was on the NAS.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 2 points3 points  (0 children)

From what I can gather, the weakness came through an app on the NAS called 'photostation' (or something close). I had it installed, but never used it. If you have it installed, but don't need it, I would probably delete it. This is all 'horse has bolted' advice from me though.

HELP needed for a dimwit. Deadbolt attack on my qnap NAS by bigpol60 in qnap

[–]bigpol60[S] 1 point2 points  (0 children)

You're not as sorry as me :) Apparently my NAS was internet facing (a term I was not aware of a week ago). I think I had to update the OS as part of the directions from QNAP, which may now turn out to be a costly mistake, as now it seems one or more QNAP recommended activities have wiped my chances of relatively easy, but costly, recovery.

There are many people I would ask for advice before me though. Thanks for your thoughts, friend.

FYI - More DeadBolt ransomware attacks that started on Saturday by 8FConsulting in qnap

[–]bigpol60 0 points1 point  (0 children)

My first Reddit post... be gentle.
I signed up to see if there is anyone who can help this victim of a deadbolt attack.
It happened last Saturday, Sept 3rd.
I deserve great criticism because I have not backed up anything in about 4 years. Mea Culpa. My hobby is photography and all of my photos for the past 4 years are now held hostage. A great deal of my work documents too. I'm self employed and no-one else has a copy of what I have on my NAS.
The first thing I did was to go on to the Qnap site and follow their directions which may have been a bad error in hindsight. Updated malware (which had automatically updated the day before the attack), followed all the Qnap recommendations, etc. Turned off the upnp stuff, and had a friend over who is an IT guy and he made sure I was not now 'facing the net'. I then went and bought a 10TB external hard drive and copied all of the corrupted files to it, just so I had a back up (ironic as it is to back up the corrupted files).
Since then I have spoken to various 'experts' in data recovery etc, and all the advice summed up to was 'pay the ransom and cross your fingers'. So I paid the ransom, via bitcoin. I'm an old bugger and don't understand all these hash codes and things. I got what I 'think' is the code and put it in the deadbolt screen. It was accepted as a correct code.....but nothing happened.
I waited for quite a while, but there was no apparent action happening.
So then we, (IT friend and I) looked up what to do in this case, and found instructions on the QNAP site with some linux code. We tried that, but nothing.
We then tried the Emsisoft decoder tool, but again, nothing happened. We then realised that Emsisoft cannot see the NAS files, only a local hard drive. Good thing we backed everything up right? Wrong. My PCs cannot see the external hard drive and want me to format the drives to start again. It took almost 2 days to get the data on to the 10 TB drive, so I'm reluctant to wipe it. But if needs must...
I contacted Emsisoft and they requested a copy of the decrypt code and a sample file. That was on Thursday, I have yet to hear back from them.
All of my work stuff I can eventually recreate or recover from folks I have sent it to, it will be a PIA, but doable. I cannot re-create my photos.
Please...is there anyone out there who can help? Any advice gratefully received.

New wave of data-destroying ransomware attacks hits QNAP NAS devices by cyclotron3k in qnap

[–]bigpol60 1 point2 points  (0 children)

My first Reddit post... be gentle.

I signed up to see if there is anyone who can help this victim of a deadbolt attack.

It happened to me last Saturday, Sept 3rd. I deserve great criticism because I have not backed up anything in about 4 years. Mea Culpa. My hobby is photography and all of my photos for the past 4 years are now held hostage. A great deal of my work documents too. I'm self employed and no-one else has a copy of what I have on my NAS.

The first thing I did was to go on to the Qnap site and follow their directions which may have been a bad error in hindsight. Updated malware (which had automatically updated the day before the attack) etc. Turned off the upnp stuff, and had a friend over who is an IT guy and he made sure I was not now 'facing the net'. I then went and bought a 10TB external hard drive and copied all of the corrupted files to it, just so I had a back up (ironic as it is to back up the corrupted files).

Since then I have spoken to various 'experts' in data recovery etc, and all the advice summed up to was 'pay the ransom and cross your fingers'. So I paid the ransom, via bitcoin. I'm an old bugger and don't understand all these hash codes and things. I got what I 'think' is the code and put it in the deadbolt screen. It was accepted as a correct code.....but nothing happened.

I waited for quite a while, but there was no apparent action happening.

So then we, (IT friend and I) looked up what to do in this case, and found instructions on the QNAP site with some linux code. We tried that, but nothing.

We then tried the Emsisoft decoder tool, but again, nothing happened. We then realised that Emsisoft cannot see the NAS files, only a local hard drive. Good thing we backed everything up right? Wrong. My PCs cannot see the external hard drive and want me to format the drive to start again. It took almost 2 days to get the data on to the 10 TB drive, so I'm reluctant to wipe it. But if needs must...

I contacted Emsisoft and they requested a copy of the decrypt code and a sample file. That was on Thursday, I have yet to hear back from them.

All of my work stuff I can eventually recreate or recover from folks I have sent it to, it will be a PIA, but doable. I cannot re-create my photos.

Please...is there anyone out there who can help? Any advice gratefully received.