got Deadbolted

A couple of weeks ago I found out that my Asustor server had been hit by the Deadbolt break-in. All my files are now encrypted and I can only get them back if I pay up some bitcoins.

I hardly used it anymore, it was mostly an archive of old stuff, so it was on low maintenance. But I did have a Syncthing share on it as well. Now *.deadbolt files show up all over my Syncthing net. The original files are still there, but copies with an added .deadbolt extension are also there.

I don’t know how long the server had been hacked when I found out, but it was a few weeks after the Asustor-Deadbolt story started to get reports all over. I don’t know how many files the server had syncthinged to others before I pulled the plug, perhaps a few thousand. It wasn’t the quickest little server around, thankfully.

Now I’ve added .deadbolt to the ignore list on every share on every machine. It took a while. I wish there would be a way to set ignores device wide, in the settings besides Ignored machines and folders…

Next step is to Catfish those .deadbolt files. I haven’t tried to save the server yet.

2 Likes

The clutter is surely annoying but I’d call this a Syncthing success story! :+1:

Such polite ransomware, giving you a consistent flag to filter. :sweat_smile: :ok_hand:

3 Likes

Did you use stversions or were the original files synced back? In normal cases the cryptolocker must have removed the original file, or else the hack is useless.

1 Like
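For the clean-up step mentioned in the first post and the question in the last reply, here is an added example (not part of the original thread) that inventories `.deadbolt` files in a synced folder and separates those whose unencrypted original still sits beside them from those where only the encrypted copy remains. It is read-only; the function names and the sample tree are assumptions made for the demo.

```python
import os
import sys
import tempfile

SUFFIX = ".deadbolt"  # extension named in the first post
SKIP_DIRS = {".stfolder", ".stversions"}  # Syncthing bookkeeping directories


def triage(root):
    """Classify every *.deadbolt file under root without modifying anything.

    Returns (with_original, orphaned), each a sorted list of paths relative
    to root. with_original: the same file name minus the suffix exists in
    the same directory. orphaned: only the encrypted copy is present.
    """
    with_original, orphaned = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune bookkeeping directories in place so os.walk does not descend.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        names = set(filenames)
        for name in filenames:
            if not name.endswith(SUFFIX) or name == SUFFIX:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            original = name[: -len(SUFFIX)]
            (with_original if original in names else orphaned).append(rel)
    return sorted(with_original), sorted(orphaned)


def build_sample(root):
    """Create a small constructed tree (not real data) for the demo."""
    for rel in ("photos/a.jpg", "photos/a.jpg.deadbolt",
                "docs/b.txt.deadbolt", ".stversions/old.txt.deadbolt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        paired, alone = triage(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            paired, alone = triage(tmp)
    print(f"{len(paired)} encrypted copies with the original still present")
    print(f"{len(alone)} encrypted copies with no original beside them:")
    for rel in alone:
        print("  " + rel)
```

Run it with a folder path as the only argument; files in the second list are the ones to look for in backups or versioning before anything is deleted.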