We use cookies to help us improve our webpage. Please read our Cookie Policy .

Knowledge Base

All »

Q: I've been affected by ransomware. What should I do?

2022-07-25



#DeadBolt # Ransomware

If you've been affected by Deadbolt ransomware, please follow the related instructions below.


Note: If you want to enter the decryption key to retrieve lost data, you must manually update the specific ADM version: ADM 4.0.5.RUE3 or ADM 3.5.9.RUE3. The ADM version on the live update server and ASUSTOR Downloads has been higher than this version, you cannot install the latest version to decrypt the data.
Please select Manual update ADM and download the ADM image file corresponding to your NAS model in Step 2 below, and then manually update this specific ADM version in Step 3.
For further assistance, please submit a support ticket in our Support Center.


Step 1

  • Please turn off your NAS, remove all hard drives and reboot.
  • When the initialization page appears, reinsert the hard drives. (No hard drive detected in slot 1.)


Step 2

  • Wait for a while for the hard drives to go online, and the following screen will appear. Reload the webpage to if the page is not changed.
  • After firmware upgrade in the following initialization, the settings will stay as they were before Deadbolt attack, BUT encrypted files still encrypted, unencrypted files still unencrypted.


  • Please click Live update and then click Next.

Note: If you want to enter the decryption key to retrieve lost data, you must manually update the specific ADM version: ADM 4.0.5.RUE3 or ADM 3.5.9.RUE3. The ADM version on the live update server has been higher than this version, you cannot install the latest version to decrypt the data.
Please download the ADM image file corresponding to your NAS model, and then manually update this specific ADM version in Step 3.



Step 3

If you want to enter the decryption key to retrieve lost data, you must manually update the specific ADM version downloaded in the previous step: ADM 4.0.5.RUE3 or ADM 3.5.9.RUE3.

If you're on the initialization screen and not connected to the Internet or you don't need to enter the decryption key to retrieve lost data, please download ADM from ASUSTOR Downloads to your computer.


  • Once done, manually update ADM by uploading the ADM image file from your computer as shown below.
  • Please press Next.


Step 4

  • Update.
  • After the update has completed, you'll be able to return to ADM.



If you do not have a computer to update ADM with web browser, you can use the mobile app - AiMaster to update ADM:


  • Log in to your NAS on AiMaster.
  • Confirm the ADM version and update ADM directly if the update dialog appears automatically.


  • Or click [Settings] [ADM Update] to update ADM.


  • After updating ADM with AiMaster, you still need to use web browser for the following ways to restore the data if you want.


If you want to restore data and you have more than one volume installed on your NAS, use MyArchive drives, or have previously made Btrfs snapshots, please refer to the following instructions below.
Restore all backups that you may have. Alternatively, if you have Btrfs snapshots, use Snapshot Center to restore previous versions of files and erase changes done by ransomware.




If regular backups were not kept and you want to enter the decryption key to retrieve lost data:



  • Confirm details and press Install.


  • Wait for installation to complete.


  • Reload the webpage to enter the ransomware screen again. You'll be able to enter the decryption key.

Notice: ASUSTOR is not able to provide decryption keys and does not recommend the financing of criminal activity.


  • If you want to return to ADM, you can do this in one of three ways. You can add backup.cgi after/portal/ in the address bar of your browser, you can hold the power button for three seconds to shut your NAS down and turn it on again or you may use ASUSTOR Control Center or AiMaster to restart your NAS.




  • Afterwards, it is imperative to uninstall Ransomware Status from App Central.


It is possible app data could be encrypted by Deadbolt. After restoring your NAS and offloading recovered data, it is recommended to delete and recreate Volume 1 or re-initialize your NAS to ensure ADM and reinstalled apps work properly.

Was this article helpful? Yes / No