Police tricked hackers into decrypting keys to their ransomware virus

(ORDO NEWS) — The Dutch National Police tricked the operators of the DeadBolt ransomware into handing over 155 keys to decrypt the data.

Since the beginning of 2022, these hackers have been attacking servers from different manufacturers around the world.

The ransomware mostly targets QNAP devices, but attacks on ASUSTOR servers have also been detected. According to police, the ransomware infected more than 20,000 devices worldwide and at least 1,000 in the Netherlands.

Failed Hackers

Owners of compromised file storage devices (Network Attached Storage, NAS) are told to pay 0.03 bitcoin, which is about $575 today. In return, the attackers promise to provide a decryption key to restore access to the data.

The police paid the ransom, obtained the decryption keys, and then withdrew their payments.

These keys allow victims to unlock files such as valuable photos or administrative documents without paying the ransom, law enforcement officials say in a press release.

Bleeping Computer reported how they did it. Ricky Gevers from RespondersNU explained that the decryption key was sent to the victim immediately, without waiting for confirmation that the payment transaction was legitimate.

Apparently, the keys are handed out automatically, without human intervention. This made it possible to submit low-fee ransom payments that would never confirm while the blockchain was heavily congested.

Because the blockchain needed time to confirm the transactions, the police were able to submit the payments, receive the keys, and immediately cancel the payments before they confirmed.

“We specifically carried out transactions with a minimum commission. Since we knew that the attackers would quickly understand everything, we had to act rudely and grab what we had time for,” Gevers says.

“The attackers understood what was happening within a few minutes, but we managed to get 155 keys. 90% of the victims reported DeadBolt attacks to the police, so most of them got their decryption keys absolutely free.”

Unfortunately, the ransomware operators have figured out exactly how they were tricked and now require double confirmation of a payment before handing over a decryption key to a victim.
