Dutch Police obtain 155 decryption keys for Deadbolt ransomware victims

Police in the Netherlands said they were able to trick the group behind the Deadbolt ransomware to hand over the decryption keys for 155 victims during a police operation announced last week.

In a statement, the Dutch National Police said on Friday that they conducted a targeted operation where they effectively paid a ransom in Bitcoin, received the decryption keys and then were able to withdraw the payment before it fully went through.

Since January, thousands of customers using Taiwanese hardware maker QNAP’s network-attached storage (NAS) devices have reported being attacked by the Deadbolt ransomware group, which demands a ransom of 0.03 Bitcoin (about $600) for the decryption key.

After the initial attacks affected about 3,600 devices in January, the group continued to resurface with campaigns in March, May, June and September this year. They also expanded their attacks to include NAS devices from Asustor

Message boards around the world have been flooded with customers lamenting the loss of files that included family photo albums, wedding videos and more. Dozens of users took to Reddit to complain that they were among those attacked in the latest campaign.

On Friday, the Dutch National Police said the group has encrypted more than 20,000 QNAP and Asustor devices since the campaign began, including more than 1,000 victims in the Netherlands. 

The idea for the operation started with Dutch cybersecurity company Responders.NU, which figured out the ransom payment trick and worked on the operation with the Dutch National Police, the Public Prosecution Service, Europol, the French National Police and the French Gendarmerie.

“We assist many victims of ransomware and saw an opportunity to obtain decryption keys,” said Responders.NU cybersecurity expert Rickey Gevers. “We shared that with the cybercrime team of the police…