The police took advantage of the slow processing time for Bitcoin payments with low transaction fees to carry out the operation. They secured the decryption keys of all Dutch victims and 90 percent of the people from 13 countries who filed a report after falling victim to Deadbolt. “These keys allow files such as treasured photos or administration to be unlocked again, at no cost to victims,” the Dutch police said in a press release. Different departments of the Dutch police, as well as the Netherlands’ Public Prosecutor’s Office, the French police, the French Gendarmerie, and Europol, assisted in this operation.
How the Police Outwitted Deadbolt
The Dutch police acted on a tip from cybersecurity firm Responders.NU about a possible method to obtain decryption keys from Deadbolt without paying the ransom. Deadbolt usually releases decryption keys once a ransom payment is made, even before crypto transactions are complete. The police capitalized on a window of opportunity while the blockchain was congested to make a payment to Deadbolt, access the decryption keys, and cancel the transaction, cybersecurity firm Bitdefender explained. This happened before Deadbolt could detect the trick. “This action clearly shows that reporting helps: victims that reported the ransomware were given priority. Their keys were among the first we obtained, before panic struck the ransomware-group,” Matthijs Jaspers, a member of the Dutch Police’s crime team, said. A total of 155 decryption keys were snatched from Deadbolt, Responders.NU revealed on Twitter. After realizing they were tricked, Deadbolt now requires additional confirmation before releasing decryption keys.
Deadbolt, a relatively new ransomware group, has been operating since last year. They are known for infecting thousands of QNAP NAS devices in January 2022 and demanding ransom payments in Bitcoin. Deadbolt has encrypted over 20,000 QNAP and Asustor devices across the world. About 1,000 of the group’s victims were based in the Netherlands, the Dutch police said.
Making Headway in the Fight Against Ransomware
Ransomware is a major global risk. Hackers usually snare their victims through phishing or social engineering and block access to the data on their servers or devices until a ransom is paid. If you’ve been a victim of Deadbolt, head over to Deadbolt.responders.nu and check if your decryption key is part of the lot that the Dutch Police wrested from the ransomware group.
The Dutch National Police is on a mission to help victims regain control of their devices without giving in to the ransom demands of threat actors. Its No More Ransom initiative, launched in collaboration with Europol and cybersecurity companies, currently offers 136 tools that are effective against 165 ransomware variants. “This case illustrates how the police are working on a broad fight against cybercrime: disrupting and thwarting criminals and helping victims,” the police said in a statement. To learn more about this threat and how to protect yourself against the nefarious cybercrime schemes of ransomware groups, check out our guide to ransomware.