Tricking the ransomware gang at its own game
Most hackers have shown that they are smart at their criminal craft, carving out lucrative careers, while some are plain stupid and belong to the club of gullible novices. The latter describes a ransomware gang that recently got tricked at its own game.
Oh yes, right when they thought all their hard work would pay off, they were set up for failure from the start.
It’s not every day that a few wily cops outplay hackers over ransom payments, which is why this is one for the books. The payments were sent, but the cops had a master plan for the criminals. With their knowledge of the blockchain, law enforcement was able to outsmart the hackers.
The ransomware gang thought that the bitcoin payments were on the way to their wallet, and released the decryption keys. However, the transactions were canceled and never recorded on the threat actors’ end, by which time law enforcement had already received the decryption keys to unlock the previously barred files.
The payments were sent, and proof of them was sent to the hackers, but they were canceled before being recorded on the cryptocurrency blockchain.
Smash and Grab Operation
Responders.NU cyber researcher Rickey Gevers revealed that the officers stated that they were in a smash and grab situation, since only a minor amount of the ransom money was sent and time was of the essence before the criminal hackers realized that they were being double scammed.
In conjunction with the operation, the Dutch Police and Europol developed a portal where unreported DeadBolt victims could use the seized decryption keys to unlock their corrupted files. Victims are being asked to constantly scan the keys listed at the portal set up to assist them at deadbolt.responders.nu.
For their brave effort, the officers were able to seize 155 keys before the thieves caught on to the scheme in a matter of minutes. The successful scam against the hackers led to the decryption key being provided free of charge to most of the victims. However, so far, only 90% of the victims that were targeted by the DeadBolt ransomware attack had reported the incident.
Thanks go to the brave officers who made it all possible, as they knew the time of day when the Bitcoin blockchain is usually extremely busy. As a result, the ransom payments were sent during that specific time, with just a small processing fee.
Congested Blockchain Prevents Payments
The Dutch Police and Responders.NU worked in tandem to create the transactions and obtain the decryption keys. Before the hackers could rejoice at their good fortune, the bitcoin transaction was canceled. By choosing the busiest time for transactions on the blockchain, they knew it would take a lot longer to process the bitcoin payments and send out confirmation of them.
Being able to outsmart an ingenious criminal ring is always priceless. With their good fortune, the cops were able to dupe the hackers out of 155 decryption keys by paying just the low transaction fee associated with sending cryptocurrency to another wallet.
Unfortunately, new victims will not be able to trick these scammers anymore and get off scot-free without paying the requested ransom. After realizing that they were being tricked, the DeadBolt ransomware gang has implemented new changes to their ransom payment strategy. Now, they are demanding that victims wait for double confirmation before they will release decryption keys for encrypted files.
The DeadBolt ransomware gang has been launching massive ransomware attacks since the beginning of 2022. So far, they have constantly attacked QNAP customers; the company has advised customers to maintain their devices with frequently released updates.