Dutch Police Tricked Deadbolt Ransomware Gang Into Giving Away 150 Decryption Keys

Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys

According to Dutch Police, Deadbolt ransomware attacks mainly focused on NAS (network-attached storage).

In a novel sting operation, the Dutch law enforcement officials tricked the Deadbolt ransomware gang into handing over decryption keys, providing the victims an opportunity to get encrypted files back without paying a ransom. Using the keys, they can unlock files for free.

Dutch Police is probably one of the most active and committed agencies when it comes to taking down cyber criminals and cybercrime. In 2018, the agency was behind in seizing two of the largest dark web marketplaces including AlphaBay and Hansa.

How Dutch Police Tricked Notorious Ransomware Gang

The Dutch National Police collaborated with cybersecurity firm RESPONDER.NU AND successfully obtained 150 decryption keys from the Deadbolt ransomware group. 

NU said they could unlock the computers of all Dutch victims who had filed complaints. With the availability of decryption keys, the department could retrieve encrypted servers and files, including photos and administrative content, and the victims didn’t need to give in to the ransom demands of the Deadbolt extortionists.

According to the NU officials, they stole the decryption keys from the criminal group. The department’s cybercrime teams transferred funds in bitcoins to the extortionists as ransoms, but as soon as the gang gave them the decryption key, they withdrew funds.

Later, the police aided the victims of Deadbolt ransomware gangs by providing them with the decryption key and also helped international victims. Authorities claim it to be a ‘nasty blow’ to the cybercriminals as the police made it clear that they cannot run away from international law enforcement agencies.

Details of Deadbolt Attacks

In a press release, the police confirmed that Deadbolt ransomware attacks mainly focused on NAS (network-attached storage). The gang had encrypted over 20,000 QNAP and Asustor devices, and the victims were spread worldwide. Around a thousand of its victims were located in the Netherlands.

Dutch Police Tricked Deadbolt Ransomware Gang Into Giving Away 150 Decryption Keys
Ransom note of the DeadBolt ransomware gang.
  1. How Dutch Police Busted Hansa Dark Web Marketplace
  2. Dutch Police takes down 15 DDoS-for-hire services in one week
  3. DDoS booter customers received warning letters by Dutch police
  4. Dutch Police Nabs Romanian Gang for Stealing $590K worth of iPhones
  5. Dutch police share list of identified, active, arrested Hansa vendors, buyers

150 Decryption Keys Obtained 

The Dutch police obtained around 150 keys and saved 90% of Deadbolt victims who had reported becoming victims of the gang’s ransomware attacks. The police have urged victims to contact them and get their data back. The sting operation involved multiple police departments, and it could become successful through a tip-off from Responders.

Other agencies that helped in this operation include Europol, the Public Prosecutor’s Office, the French National Police, and the French Gendarmerie.

The Dutch National Police cyber-crime team’s Matthijs Jaspers stated that it is imperative to report such crimes and trust the department before giving in to the cybercriminals’ demands.

“This action clearly shows that reporting helps: victims that reported the ransomware were given priority. Their keys were among the first we obtained before panic struck the ransomware group.”

Matthijs Jaspers
Related Posts