<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2831139136270004&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2831139136270004 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Roboto&family=Open+Sans&family=Consolas&family=Source+Sans+Pro&family=Raleway"></head><body>*/</style>

DeadBolt ransomware locks QNAP devices

What is QNAP ?

QNAP is a type of network attached storage nas, that consist of one or more hard drives, that are constantly connected to the internet.

The QNAP works as your backup hub or storage unit that stores all your important files and media.Such as photos, videos, and music.

You don't need external hard drive, NAS can be placed at home and accessible for you and your family to use at any time, and anywhere.

DeadBolt ransomware targeting QNAP devices?

DeadBolt ransomware is targeting QNAP devices and appending the .deadbolt extension to encrypted file's names.

DeadBolt ransomware locks QNAP

The ransomware is also hijacking the QNAP login screen to display a ransom note demanding 0.03 cryptos, worth approximately $1100. last time QNAP found solution for free when .7z encrypt their devices.

Each victim receives a unique crypto address and there is no confirmation that paying a ransom will provide a decryption key.

When a QNAP device is compromised a random named file will be created at HDA ROOT.

This random named file is the Linux ransomware executable used to encrypt and decrypt your device.

When executed, it will take a command line argument.

How to Decrypt DeadBolt ransomware ?

DeadBolt will also replace the index.html file so that when you access the device you will see a ransom screen instead.

this will prompt you to enter a decryption key that can be obtained by sending 0.03 bit-coins to a listed bit-coin address.

After payment, the threat actors will create another bit coin transaction to the same address that has the decryption key,for your device.

The decryption key is located under the OP RETURN output, as shown below.

When you enter this key into the ransom note screen, the web page will convert the key into a SHA 256 hash.

If that SHA 256 hash matches the SHA 256 hash of your device's decryption key, it will decrypt the device with that key.

If that SHA 256 hash matches the SHA256 hash of the master decryption key, it will decrypt the device with that key.

Users can bypass the ransom screen and gain access to their admin page by using some URLs shown in deadbolt ransomware video.

Emsisoft released the deadblot decryptor, you can download it Now from Emsisoft Decrypt Tools.

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3586246945-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY49kLFh-b3prM-zHF4ukP9exGHA7w:1728257448868';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3589136026507255572','//mango-school.blogspot.com/2022/01/deadbolt-ransomware-locks-qnap-devices.html','3589136026507255572');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3589136026507255572', 'title': 'Mango School for Information Technology and Cyber Security', 'url': 'https://mango-school.blogspot.com/2022/01/deadbolt-ransomware-locks-qnap-devices.html', 'canonicalUrl': 'https://mango-school.blogspot.com/2022/01/deadbolt-ransomware-locks-qnap-devices.html', 'homepageUrl': 'https://mango-school.blogspot.com/', 'searchUrl': 'https://mango-school.blogspot.com/search', 'canonicalHomepageUrl': 'https://mango-school.blogspot.com/', 'blogspotFaviconUrl': 'https://mango-school.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - RSS\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3589136026507255572/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/3130270856349289641/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2831139136270004', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/5567c04bb654202b', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Read-more \xbb', 'pageType': 'item', 'postId': '3130270856349289641', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/a/AVvXsEgt2uTvncW-wlMUnpUZNC4w6dzYmdVcC-Q-zqdumry8NwdZIWohFvrdcplOVmF2MrV2UXtMLzW7e_A_5Iq8w3wzbmpROlB4GC9NpuDDNqsk7QzQ85Rpi3jt3PY3cRt8YEx9iVktIvNqUifqkSIxenmCzmLYxWnKF4z27WGzTv4LkfTtdAjqoRadb2mkSw\x3ds72-c', 'postImageUrl': 'https://blogger.googleusercontent.com/img/a/AVvXsEgt2uTvncW-wlMUnpUZNC4w6dzYmdVcC-Q-zqdumry8NwdZIWohFvrdcplOVmF2MrV2UXtMLzW7e_A_5Iq8w3wzbmpROlB4GC9NpuDDNqsk7QzQ85Rpi3jt3PY3cRt8YEx9iVktIvNqUifqkSIxenmCzmLYxWnKF4z27WGzTv4LkfTtdAjqoRadb2mkSw\x3ds16000', 'pageName': 'DeadBolt ransomware locks QNAP devices', 'pageTitle': 'Mango School for Information Technology and Cyber Security: DeadBolt ransomware locks QNAP devices', 'metaDescription': 'DeadBolt ransomware is targeting QNAP devices and appending the .deadbolt extension to encrypted file\x27s names.'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'DeadBolt ransomware locks QNAP devices', 'description': 'DeadBolt ransomware is targeting QNAP devices and appending the .deadbolt extension to encrypted file\x27s names.', 'featuredImage': 'https://blogger.googleusercontent.com/img/a/AVvXsEgt2uTvncW-wlMUnpUZNC4w6dzYmdVcC-Q-zqdumry8NwdZIWohFvrdcplOVmF2MrV2UXtMLzW7e_A_5Iq8w3wzbmpROlB4GC9NpuDDNqsk7QzQ85Rpi3jt3PY3cRt8YEx9iVktIvNqUifqkSIxenmCzmLYxWnKF4z27WGzTv4LkfTtdAjqoRadb2mkSw\x3ds16000', 'url': 'https://mango-school.blogspot.com/2022/01/deadbolt-ransomware-locks-qnap-devices.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 3130270856349289641}}, {'name': 'widgets', 'data': [{'title': 'Logo', 'type': 'HTML', 'sectionId': 'header-main', 'id': 'HTML10'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '3130270856349289641', 'title': 'DeadBolt ransomware locks QNAP devices', 'featuredImage': 'https://blogger.googleusercontent.com/img/a/AVvXsEgt2uTvncW-wlMUnpUZNC4w6dzYmdVcC-Q-zqdumry8NwdZIWohFvrdcplOVmF2MrV2UXtMLzW7e_A_5Iq8w3wzbmpROlB4GC9NpuDDNqsk7QzQ85Rpi3jt3PY3cRt8YEx9iVktIvNqUifqkSIxenmCzmLYxWnKF4z27WGzTv4LkfTtdAjqoRadb2mkSw\x3ds16000', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}]}], 'allBylineItems': [{'name': 'share', 'label': ''}]}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'How to remove ygvb Ransomware', 'id': 729607464617877353}, {'title': 'New WhatsApp Communities feature', 'id': 8367762764082842155}, {'title': 'Zzla file ransomware virus Removal Decrypt', 'id': 9089289928437659324}, {'title': 'Gujd file ransomware virus Removal Decrypt', 'id': 5638591793488345148}, {'title': 'USA bans Kaspersky - What are the reasons?', 'id': 8464110779646215258}]}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Follow Mango school', 'type': 'LinkList', 'sectionId': 'footer-widget', 'id': 'LinkList14'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML10', 'header-main', document.getElementById('HTML10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2591911167-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList14', 'footer-widget', document.getElementById('LinkList14'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>