The Dutch police have obtained more than 150 decryption keys from the DeadBolt ransomware group that victims can now use to unlock their stolen files for free.
In a “unique” operation, the Dutch National Police said it exploited a weak link in DeadBolt’s system that allowed it to pay the criminals, receive the decryption keys, and then withdraw the payments.
The police said the operation was possible due to a tip-off from cybersecurity firm Responders.NU, which provided it with the method to “trick” the cybercriminals using bitcoin payments.
According to a police statement, it managed to obtain the keys for all the Dutch victims who filed a report. It said it could also help 90% of international victims who filed a complaint in one of the 13 other countries.
“This action clearly shows that reporting helps: victims that reported the ransomware were given priority. Their keys were among the first we obtained, before panic struck the ransomware group,” Matthijs Jaspers of the Dutch police said in a statement.
The police did not disclose the number of victims it helped but noted DeadBolt had encrypted more than 20,000 storage devices worldwide, including at least 1,000 in the Netherlands.
The Dutch Public Prosecutor’s Office, Europol, and French law enforcement services assisted in the operation, which the police said dealt “a nasty blow” to the cybercriminals, forcing them to shut down their system.
“It will be clear to them that they are in the crosshairs of international law enforcement authorities: attempts to move their criminal earnings are not without risks,” the police said.
DeadBolt preys on small businesses and home computer users rather than larger companies. Its malware uses vulnerable network-attached storage devices (NAS) to target backup files.
More from Cybernews:
Subscribe to our newsletter