Dutch police recover over 150 ransomware decryption keys
The police have obtained more than 150 unlock codes for computer systems affected by ransomware, a type of malware that locks a device until a ransom is paid to criminals. Through tricking a criminal group, the police were able to free the computers of all Dutch victims who had filed a complaint, according to the police.
Police say they stole the "decryption keys" from Deadbolt, a criminal group that distributes ransomware. Police cybercrime teams transferred bitcoins to the criminals as ransoms, but withdrew the payments as soon as they were given a code. According to the police, 20,000 storage devices worldwide have been held hostage by Deadbolt's software, at least 1,000 of which are in the Netherlands.
All Dutch victims who previously reported the ransomware have now been helped, according to the police. The exact number of people involved has not been disclosed. "This action clearly shows that reporting helps: victims that reported the ransomware were given priority," said Matthijs Jaspers of the cybercrime team. "Their keys were among the first we obtained, before panic struck the ransomware group."
Codes were also provided to victims from abroad, according to the police. "With these keys, files such as precious photos or administration can be unlocked again, without costing the victims money."
To get the codes, the Dutch police cooperated with the Public Prosecution Service, Europol, the French police and the French Gendarmerie. The Dutch police received a tip the method of getting the keys from cybersecurity company Responders.NU. On the company's site, victims of ransomware can check whether their code was obtained.
Reporting by ANP and NL Times