155 Deadbolt decryption keys obtained in a police operation

October 20, 2022

Dutch law enforcement authorities tricked the Deadbolt ransomware operators into giving up 155 decryption keys for their victims during a recent police operation. The police paid a ransom in Bitcoin in exchange for the decryption keys. After receiving the keys, they withdrew the payment before it reached the attackers’ accounts.

Deadbolt operators have targeted QNAP NAS devices since the first few months of 2022, with victims reporting ransom demands of 0.03 BTC or $600 per decryption key. The statement from the Dutch police revealed that the group had encrypted over 20,000 QNAP and Asustor devices in its ransomware campaign, with about a thousand victims in the Netherlands.

Working with several European authorities, the Dutch National Police planned to obtain the Deadbolt decryption keys through a ransom payment trick.

According to the authorities, they took advantage of congestion on the Bitcoin network when sending the ransom payment to the attackers, which could delay completion of the payment transaction. After sending the payment, the police received the decryption keys and canceled the transaction before it reached the attackers’ account.

The 155 decryption keys obtained in the police operation could help almost all victims that the Deadbolt ransomware group had reportedly attacked. The authorities stressed that it benefits all cyberattack victims to report incidents and file complaints, as proper measures and responses can help disrupt malicious actors.

After the police operation, it was revealed that the Deadbolt gang had added a second layer of payment confirmation before releasing decryption keys. The Dutch police, for their part, warned the threat group that international law enforcement organisations would trace them until their campaigns were shut down.

A website was subsequently created (deadbolt.responders.nu) where other victims could check whether they were among those who could use the decryption keys obtained in the operation. The countries Deadbolt has targeted most include the US, the UK, and Germany.
