Unique action: the police free computers held hostage thanks to a trick with bitcoin

With a clever trick, the police managed to obtain, without paying, the codes with which victims can end the digital hostage situation. According to the police, the cybercriminal realized something was up yesterday. “All the plugs were pulled on that side. An important effect is that we have now undermined their business model, their criminal process.”

According to the police, around 15,000 people and companies are currently victims of this type of ransomware, including 1100 in the Netherlands. It is a variant called DeadBolt. This ransomware encrypts QNAP-branded storage servers.

0.05 bitcoin

As a result, victims cannot access their saved photos, backups, and other files unless they pay a ransom. By transferring around a thousand euros in bitcoin, they receive a code to undo the digital hostage situation.

One of the victims is Idwer Wiersma from Bergentheim in Overijssel. He came back from vacation in July and saw that his storage server was locked, he tells RTL Nieuws. “With the message that it was not personal. And the request to pay 0.05 bitcoin, so about 1100 euros.”

“At first I thought: it’s just files,” says Wiersma. “But there are still pictures of my late in-laws and of the children. Then they become emotional files. I was definitely on my way to pay.”

Clever trick

With a clever trick, the police tried to help victims without having to pay thousands of euros in bitcoin. The police went into action at a busy time on the bitcoin network, when it takes longer for a payment to be processed.

And that is where the trick lies. As soon as the transaction is started, the code to open the digital lock is already sent. Because it takes some time before the payment is completed, the police have a short window in which to withdraw the payment. The result, if all goes well: the police have the key and their money back.

Police are advising victims to first take their storage servers offline as soon as possible. Otherwise, the criminal can renew the encryption, causing the obtained key to stop working.

Police: ‘Send a report’

While police specialists at the Den Bosch office tried to get hold of as many keys as possible, other officers in a room further down called the first victims. The 15-20 Dutch people who have submitted a report are the first in line.

With this action, the police want to show that it is really useful to file a report. That rarely happens. Only 14 victims of DeadBolt ransomware reported the incident to the police. Because the police knew who they were, they could be called immediately on Thursday evening.

“We got our files back!”

Wiersma is one of them. He received a call from the police at 9 p.m. “Great. We have our first files back!” is his first reaction when RTL Nieuws calls him.

He tells how it went: “I was instructed by the police and had to follow steps. Finally I got the key. I copied it and then the files appeared one by one.”

Wiersma is very relieved. “We were the first to see the photos from our honeymoon. I’m really happy.”

Who is behind DeadBolt?

DeadBolt is a relatively unknown form of hostage software, also known as ransomware. The criminal or criminals are exploiting a vulnerability in QNAP-branded storage servers. Tens of thousands of people worldwide are likely to be, or to have been, victims of this form of digital hostage-taking.

Police do not know who is behind DeadBolt. “We are tracking this criminal or criminals, but it is difficult with cybercrime,” says Matthijs Jaspers, ransomware specialist at the East Brabant police.

“In this case, we can do a lot better to thwart the criminal and help the victims. We’re not just looking to catch that criminal. In this case, we’re really going after that disruption.”

International victims of DeadBolt ransomware can go to deadbolt.responders.nu to check if the police have their code and retrieve it. The police advise victims to first take their storage servers offline as soon as possible. Otherwise, the criminal can renew the encryption, causing the obtained key to stop working.

Rickey Gevers is a cyber security specialist. He tipped off the police about this trick and suspects that there is only one person behind DeadBolt. “Usually we see that the loot is distributed among the criminals in a group. But with DeadBolt, the received bitcoins stay in the digital wallets. If you work with others, you have to pay those people. That doesn’t happen here.”
