Deadbolt ransomware

bazuev · Post by **bazuev** » Thu Apr 21, 2022 8:35 pm

Hi everybody,

Just to be clear. It looks like I was not affected by this ransomware on my AS-604T. I upgraded ADM and followed Asustor's recommendations to prevent this attack.

But today I found the following line in hosts file on a Windows PC in my network pointing to IP address of my NAS:
192.168.1.3 ASTEncryptIP1

I did not find any useful information in the web about that.

The file's date is August 19, 2019. But it could be just falsified.

Could anyone affected by Deadbolt ransomware check if you have similar lines in C:\Windows\System32\drivers\etc\hosts file on Windows machines please?

Moromoro · Post by **Moromoro** » Sun Apr 24, 2022 4:37 am

bazuev wrote:
Moromoro wrote:Hi, I can't find the ransomware status App from app central , can anyone advice how to get it as I can't see the information message for that attack and all my data is locked .
Thank you.
They provide a direct link for this app on the instruction page: https://www.asustor.com/knowledge/detail/?group_id=630

https://downloadgb.asustor.com/download ... r0_any.apk

Not sure why not just upload it to App Central.

Thank you, Asustor removed it from the app central "they told me that this was for security purpose

Moromoro · Post by **Moromoro** » Sun Apr 24, 2022 4:46 am

Hi All, did anyone Pay the ransomware and received the decryption key? I appreciate if you can share the steps . thank you.

Lobster · Post by **Lobster** » Sun Apr 24, 2022 8:19 pm

It might be worth having a look through the /asustor sub-reddit, there's been some people that have supposedly paid that have posted there. I am not in any way suggesting they are telling the truth mind you, the internet is now full of secondary scams built off of the back of the Deadbolt hit.

outside79 · Post by **outside79** » Thu Apr 28, 2022 8:15 am

i got everything i need to unlock, except. i cant hit unlock button, people seem to have made this work, but this is just wierd.
both qnap users and asustor users have been able to unlock. so what the fuck is wrong right now?

Moromoro · Post by **Moromoro** » Thu Apr 28, 2022 9:36 am

outside79 wrote:i got everything i need to unlock, except. i cant hit unlock button, people seem to have made this work, but this is just wierd.
both qnap users and asustor users have been able to unlock. so what the fuck is wrong right now?

you may try Emsisoft to decrypt the data ,

https://www.emsisoft.com/ransomware-dec ... s/deadbolt

SlyBrutal · Post by **SlyBrutal** » Fri Apr 29, 2022 3:19 pm

Moromoro wrote:Hi All, did anyone Pay the ransomware and received the decryption key? I appreciate if you can share the steps . thank you.

Hi,
Around page 33-34 you will find how to pay, I have already described it there once.

Moromoro · Post by **Moromoro** » Mon May 02, 2022 9:23 am

SlyBrutal wrote:
Moromoro wrote:Hi All, did anyone Pay the ransomware and received the decryption key? I appreciate if you can share the steps . thank you.
Hi,
Around page 33-34 you will find how to pay, I have already described it there once.

Thank you

Pilloso · Post by **Pilloso** » Thu May 12, 2022 7:19 pm

Hello, i followed the solution from Asustor:
https://www.asustor.com/en-gb/knowledge ... oup_id=630

Everything seems fine, but how can I be sure the Nas is clean of viruses?
Is it enough to update ADM, disable services and change ports?

ov2rey · Post by **ov2rey** » Fri Jun 10, 2022 7:45 pm

Hi everyone, today my Nas was attacked and this is my second times.... Using latest firmware

: dead.jpg (248.77 KiB) Viewed 3972 times

ASUSTOR Community Forum

Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware

Re: Deadbolt ransomware