On Friday 14 October 2022, the Dutch National Police, in collaboration with cybersecurity firm Responders.NU, released a statement revealing that they had tricked the DeadBolt ransomware group into handing over 155 decryption keys by faking ransom payments.
“The police paid, received the decryption keys, and then withdrew the payments. These keys allow files such as treasured photos or administration to be unlocked again, at no cost to victims,” – The Dutch National Police statement.
One of the experts from Responders.NU, Rickey Gevers, explained that the police tricked the ransomware group into releasing the keys by cancelling the transactions before they were included in a block. This meant they could make the transactions with a minimum fee before the threat group could find out. The threat actors did find out within several minutes, but by then the police had been able to grab 155 keys, which cover about 90% of the victims who reported the DeadBolt attack to the police.
Unfortunately, the DeadBolt ransomware group realised they had been tricked and would not get paid, so they now require double confirmation before releasing decryption keys.