Police tricked Deadbolt by making Bitcoin payments for decryption keys, receiving the keys, then withdrawing the ransom payments – leaving the cyber criminals without their payments after they had provided the police and cybersecurity researchers with the decryption keys to aid victims of attacks.
Describing it as a "nasty blow" for cyber criminals, Dutch Police said the operation demonstrates to cyber criminals that they're "in the crosshairs of international law enforcement authorities" and "attempts to move their criminal earnings are not without risks".
In total, Dutch Police obtained 150 keys, allowing almost 90% of Deadbolt victims who reported attacks to law enforcement to get their files back for free – and urged victims of ransomware attacks to come forward to get help.
"This action clearly shows that reporting helps: victims that reported the ransomware were given priority. Their keys were among the first we obtained, before panic struck the ransomware-group," said Matthijs Jaspers of the Dutch National Police cyber-crime team.
"On top of the international victims, we were able to obtain the keys for all the Dutch victims that filed a complaint and have notified them the very evening," he added.
The action followed a tip-off from Responders.NU, a Dutch cybersecurity firm, and the action involved several police departments.
Assistance was also provided by the Public Prosecutor's Office, Europol, the French National Police, and the French Gendarmerie.
It's recommended users keep regularly updated offline backups of data to avoid having to pay a ransom to retrieve it. However, the best course of action is to avoid falling victim to ransomware in the first place, especially because it's common for cyber criminals to steal and leak data taken from victims.