March 26, 2023

A decryption key is now available for DeadBolt ransomware only a few days after the strain first appeared. The catch, however, is that it requires a decryption key provided by threat actors to work.

The key, released by security vendor Emsisoft, arrives only a few days after the DeadBolt ransomware gang began targeting the customers of QNAP network-attached storage (NAS) devices. Customers affected by the ransomware were told to pay 0.03 bitcoin (approximately $1,150 USD as of this writing) to have their files decrypted.


The ransom note that victims received also included a note for Taiwanese hardware vendor QNAP. According to the note, DeadBolt exploited a zero-day vulnerability that enabled the gang to attack vulnerable QNAP NAS devices exposed to the internet. QNAP was then told to pay 5 bitcoin for vulnerability details or 50 bitcoin for vulnerability details and a mass decryption key.

Whether this decryption tool would have even worked remains in question, as a user on the QNAP NAS community forums claimed to have paid the ransom and received an invalid key. The firmware update by QNAP is the cause of decryption issues.

Emsisoft’s decryption tool allows customers who paid the ransom to implement their decryption key correctly.

Leave a Reply

%d bloggers like this: