[Jan, 28, 2022] - Version: 18.104.22.168
DeadBolt encrypts QNAP devices using AES-128, and appends the extension ".deadbolt".
This decryptor requires a key received after paying the criminals.
An example of the ransom note "!!!_IMPORTANT_README_WHERE_ARE_MYFILES!!!.txt" can be found below:
=============================================================================== /!\ ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT /!\ =============================================================================== # What happened? All your files have been encrypted and made inaccessible. This includes (but is not limited to) Photos, Documents and Spreadsheets. # Why Me? This is not a personal attack. You have been targeted because of the inadequate security provided by your vendor (QNAP). # What now? Visit your QNAP machine in a webbrowser and follow the instructions to get your files back. # Important Message for QNAP All your affected customers have been targeted using a zero-day vulnerability in your product. We offer you two options to mitigate this (and future) damage: 1) Make a bitcoin payment of 5 BTC to [redacted]: You will receive all details about this zero-day vulnerability so it can be patched. A detailed report will be sent to [email protected] 2) Make a bitcoin payment of 50 BTC to bc1qnju697uc83w5u3ykw7luujzupfyf82t6trlnd8: You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to [email protected] Upon receipt of payment for either option, all information will be sent to you in a timely fashion. There is no way to contact us. These are our only offers. Thanks for your consideration. Greetings, DEADBOLT team.