Police tricked a ransomware gang into handing over decryption keys, giving victims the chance to unlock their encrypted data for free.
Working alongside cybersecurity company Responders.NU, the Dutch National Police received 150 decryption keys from the Deadbolt ransomware group.
With the decryption keys already in the hands of law enforcement, some victims of Deadbolt ransomware attacks can retrieve encrypted files and servers without having to pay extortionist cybercriminals.
According to Dutch police, the Deadbolt ransomware attacks focused on network-attached storage (NAS) and encrypted more than 20,000 QNAP and Asustor devices worldwide, with at least a thousand of them in the Netherlands.
Police tricked Deadbolt by making bitcoin payments for decryption keys, receiving the keys and then withdrawing the ransom payments – leaving the cybercriminals without their payments after they had provided police and cybersecurity researchers with decryption keys to help victims of the attacks.
Describing it as an “unpleasant blow” to cybercriminals, Dutch police said the operation demonstrated to cybercriminals that they are “in the crosshairs of international law enforcement” and “attempts to move their proceeds of crime are not without risk”.
In total, Dutch police received 150 keys, allowing almost 90% of Deadbolt victims who reported attacks to law enforcement to get their files back for free. Police also urged victims of ransomware attacks to come forward for help.
“This action clearly shows that reporting helps: victims who reported the ransomware were given priority. Their keys were among the first we received before panic hit the ransomware group,” said Matthijs Jaspers of the Dutch National Police’s cybercrime team.
“Apart from the international victims, we were able to get the keys for all the Dutch victims who lodged a complaint and notified them that evening,” he added.
The operation followed a tip from Responders.NU, a Dutch cybersecurity firm, and involved several police departments.
The prosecutor’s office, Europol, the French national police and the French gendarmerie also assisted.
Ransomware continues to be a major cybersecurity concern, as victims are often forced to pay ransoms for decryption keys.
It is recommended that users maintain regularly updated offline data backups to avoid having to pay a ransom to retrieve their data. However, the best course of action is to avoid falling victim to ransomware in the first place, especially since it’s common for cybercriminals to steal and leak data taken from victims.
Steps that can be taken to improve network security and avoid falling victim to ransomware – or other cyber attacks – include applying security patches promptly and using multi-factor authentication to protect accounts from unauthorized access.
https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it/#ftag=RSSbaffb68