DeadBolt encrypts QNAP devices using AES-128, and appends the extension ".deadbolt".
This decryptor requires a key received after paying the criminals.
An example of the ransom note "!!!_IMPORTANT_README_WHERE_ARE_MYFILES!!!.txt" can be found below:
/!\ ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT /!\
# What happened?
All your files have been encrypted and made inaccessible. This includes
(but is not limited to) Photos, Documents and Spreadsheets.
# Why Me?
This is not a personal attack. You have been targeted because of the inadequate
security provided by your vendor (QNAP).
# What now?
Visit your QNAP machine in a webbrowser and follow the instructions to
get your files back.
# Important Message for QNAP
All your affected customers have been targeted using a zero-day vulnerability in
your product. We offer you two options to mitigate this (and future) damage:
1) Make a bitcoin payment of 5 BTC to [redacted]:
You will receive all details about this zero-day vulnerability so it
can be patched. A detailed report will be sent to [email protected].
2) Make a bitcoin payment of 50 BTC to bc1qnju697uc83w5u3ykw7luujzupfyf82t6trlnd8:
You will receive a universal decryption master key (and instructions) that can
be used to unlock all your clients their files. Additionally, we will also send
you all details about the zero-day vulnerability to [email protected].
Upon receipt of payment for either option, all information will be sent to
you in a timely fashion.
There is no way to contact us.
These are our only offers.
Thanks for your consideration.