
posted by hubie on Tuesday October 18 2022, @07:52PM
from the tricked-instead-of-treated dept.

Sting against Deadbolt ransomware groups provides victims with a way to get encrypted files back without paying up:

Working alongside cybersecurity company Responders.NU, the Dutch National Police obtained 150 decryption keys from ransomware group Deadbolt. 

With the decryption keys now in the hands of law enforcement, some victims of Deadbolt ransomware attacks can retrieve encrypted files and servers without the need to pay cyber-criminal extortionists. 

[...] Police tricked Deadbolt by making Bitcoin payments for decryption keys, receiving the keys, then withdrawing the ransom payments – leaving the cyber criminals without their payments after they had provided the police and cybersecurity researchers with the decryption keys to aid victims of attacks.

Describing it as a "nasty blow" for cyber criminals, Dutch Police said the operation demonstrates to cyber criminals that they're "in the crosshairs of international law enforcement authorities" and "attempts to move their criminal earnings are not without risks". 


  • (Score: 4, Interesting) by vux984 on Tuesday October 18 2022, @08:08PM (5 children)

    by vux984 (5045) on Tuesday October 18 2022, @08:08PM (#1277301)

    So I assume that is NOT what actually happened here? What did happen?

    • (Score: 5, Interesting) by fraxinus-tree on Tuesday October 18 2022, @09:02PM (3 children)

      by fraxinus-tree (5590) on Tuesday October 18 2022, @09:02PM (#1277309)

      In fact, somewhat possible. You pay to someone, then pay from the same wallet to someone else, using higher transaction fee. The first recipient gets a valid transaction, but it does not land in the blockchain because the other one is preferred by the miners.

      • (Score: 2) by Fnord666 on Wednesday October 19 2022, @09:02PM (2 children)

        by Fnord666 (652) on Wednesday October 19 2022, @09:02PM (#1277463) Homepage

        > In fact, somewhat possible. You pay to someone, then pay from the same wallet to someone else, using higher transaction fee. The first recipient gets a valid transaction, but it does not land in the blockchain because the other one is preferred by the miners.

        If they're not smart enough to wait until the payment makes it into the blockchain and is at least several blocks down before releasing the decryption keys, then they deserve to get played this way. Then again, why is the ransomware using the same key for different attacks? Shouldn't it generate an ephemeral key for the drive encryption, then encrypt that using a public key that belongs to the attackers? To pay the ransom you also send the encrypted key block, the criminals decrypt the block and send back the ephemeral key which is of no use to anyone else.

        • (Score: 2) by fraxinus-tree on Thursday October 20 2022, @08:50AM (1 child)

          by fraxinus-tree (5590) on Thursday October 20 2022, @08:50AM (#1277513)

          They are as smart as it goes. They need to be rather quick. On the other hand, some ransomware uses ephemeral keys, but this requires internet connection at the moment of generation or even more complex scheme of key generation. This can make losing an essential key information easy. Gangs that require payment but don't decrypt the information don't develop their business well.

          • (Score: 2) by Fnord666 on Thursday October 20 2022, @01:41PM

            by Fnord666 (652) on Thursday October 20 2022, @01:41PM (#1277529) Homepage

            > They are as smart as it goes. They need to be rather quick. On the other hand, some ransomware uses ephemeral keys, but this requires internet connection at the moment of generation or even more complex scheme of key generation. This can make losing an essential key information easy. Gangs that require payment but don't decrypt the information don't develop their business well.

            The ephemeral key can be generated randomly and encrypted using a public key embedded in the ransomware with no internet connection required. The resulting encrypted key "blob" will be submitted with the payment. The only real trick is to make sure the "random" number generator is sufficiently random so that the key can't be determined.

            I do agree that if they aren't decrypting the information then word will get out quickly and no one will pay the ransom going forward. They need to think about their "customer's" needs. In business reputation is important.
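The per-object key wrapping Fnord666 describes in this sub-thread (a random data key, wrapped under a public key embedded in the program, no network needed) is ordinary envelope encryption, the same construction cloud KMS services and encrypted backup tools use. The Go program below is an added example written for this page, not code from the article or from anyone in the thread. It uses only the standard library, the object contents are constructed samples, and the 2048-bit key and AES-256-GCM parameters are choices made for the illustration. It demonstrates the property that matters to an incident responder: an unwrapped data key opens exactly one object, so recovered keys have to be matched to individual victims.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is the artefact produced offline: ciphertext plus the per-object
// data key wrapped under a long-term public key. Without the private key the
// wrapped key is opaque, and it belongs to this one object only.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a fresh random 256-bit data key (AES-256-GCM)
// and wraps that key with RSA-OAEP under pub. Only the public key and a
// CSPRNG are needed, so no network round trip is involved.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKey: wrapped}, nil
}

// UnwrapDataKey is what the private-key holder hands back for one WrappedKey:
// that object's data key, which opens nothing else.
func UnwrapDataKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Open decrypts an envelope with its unwrapped data key; a wrong key fails
// the GCM authentication check instead of yielding garbage.
func Open(dataKey []byte, env *Envelope) ([]byte, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo seals two constructed objects under one public key and checks the
// properties the comment relies on: the data keys differ, an unwrapped key
// opens its own object, and it does not open the other one.
func Demo() (keysDiffer, ownOpens, crossFails bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	sampleA, sampleB := []byte("constructed sample: object A"), []byte("constructed sample: object B")
	envA, err := Seal(&priv.PublicKey, sampleA)
	if err != nil {
		return false, false, false, err
	}
	envB, err := Seal(&priv.PublicKey, sampleB)
	if err != nil {
		return false, false, false, err
	}
	keyA, err := UnwrapDataKey(priv, envA.WrappedKey)
	if err != nil {
		return false, false, false, err
	}
	keyB, err := UnwrapDataKey(priv, envB.WrappedKey)
	if err != nil {
		return false, false, false, err
	}
	keysDiffer = !bytes.Equal(keyA, keyB)
	plainA, err := Open(keyA, envA)
	ownOpens = err == nil && bytes.Equal(plainA, sampleA)
	_, crossErr := Open(keyA, envB) // keyA is the wrong key for envB
	crossFails = crossErr != nil
	return keysDiffer, ownOpens, crossFails, nil
}

func main() {
	d, o, c, err := Demo()
	fmt.Println("keys differ:", d, "own object opens:", o, "cross-open fails:", c, "err:", err)
}
```

The point of the `crossFails` check is the one Fnord666 makes: handing over one unwrapped key compromises one object and nothing else, which is also why a decryptor built from recovered keys needs the right wrapped blob for each victim rather than a single master secret.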

    • (Score: 5, Informative) by rigrig on Tuesday October 18 2022, @09:02PM

      by rigrig (5129) Subscriber Badge <soylentnews@tubul.net> on Tuesday October 18 2022, @09:02PM (#1277311) Homepage

      At Tweakers (tweakers.net, a Dutch tech site), the assumption is they managed to double-spend:
      1. Send the bitcoins at a busy time, with a very low transaction fee -> transaction is shared on the blockchain, but unconfirmed
      2. Show the transaction to the criminals, receive decryption key
      3. Before the transaction is confirmed, send the same bitcoins to yourself with a higher transaction fee -> transaction 1 is invalidated

      --
      No one remembers the singer.
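rigrig's three steps amount to a fee contest between two spends of the same coin, which is why anyone accepting a payment should wait for confirmations before delivering anything. The Go program below is an added example, not code from the article or from anyone in the thread. It models a toy mempool and chain with constructed transactions (the transaction IDs, fees and the six-confirmation threshold are made up for the illustration) and contrasts a receiver who acts on an unconfirmed transaction with one who applies a confirmation check.

```go
package main

import (
	"fmt"
	"sort"
)

// Tx is a simplified transaction: it spends one named input (a prior output)
// and offers a fee to miners. Two transactions naming the same input
// conflict; at most one of them can ever be confirmed.
type Tx struct {
	ID        string
	Input     string
	Recipient string
	Amount    int
	Fee       int
}

// Mempool holds unconfirmed transactions keyed by the input they spend. On a
// conflict the higher-fee spend is kept, modelling miners preferring the
// better-paying transaction as the comments describe.
type Mempool struct {
	byInput map[string]Tx
}

func NewMempool() *Mempool { return &Mempool{byInput: map[string]Tx{}} }

// Submit offers tx to the pool and reports whether it is now the candidate for
// its input; an existing conflict with an equal or higher fee keeps it out.
func (m *Mempool) Submit(tx Tx) bool {
	if cur, ok := m.byInput[tx.Input]; ok && cur.Fee >= tx.Fee {
		return false
	}
	m.byInput[tx.Input] = tx
	return true
}

// Pending reports whether txID is visible in the pool. This is all that a
// receiver who accepts a payment "on sight" ever checks.
func (m *Mempool) Pending(txID string) bool {
	for _, tx := range m.byInput {
		if tx.ID == txID {
			return true
		}
	}
	return false
}

// Ledger is the confirmed chain: a list of mined blocks.
type Ledger struct {
	blocks [][]Tx
}

// MineBlock confirms every current mempool candidate into a new block and
// empties the pool. Spends that lost a fee contest are simply gone.
func (l *Ledger) MineBlock(m *Mempool) {
	blk := make([]Tx, 0, len(m.byInput))
	for _, tx := range m.byInput {
		blk = append(blk, tx)
	}
	sort.Slice(blk, func(i, j int) bool { return blk[i].ID < blk[j].ID })
	l.blocks = append(l.blocks, blk)
	m.byInput = map[string]Tx{}
}

// Confirmations returns how many blocks deep txID is buried (0 = not in the chain).
func (l *Ledger) Confirmations(txID string) int {
	for i, blk := range l.blocks {
		for _, tx := range blk {
			if tx.ID == txID {
				return len(l.blocks) - i
			}
		}
	}
	return 0
}

// PaymentSettled is the cautious receiver's check: a payment is final only
// once it has at least minConf confirmations.
func PaymentSettled(l *Ledger, txID string, minConf int) bool {
	return l.Confirmations(txID) >= minConf
}

// Scenario replays the comment's three steps with constructed values and
// returns what each kind of receiver would have concluded about the payment.
func Scenario() (acceptedOnSight, settledAfterConfirmations bool) {
	pool, chain := NewMempool(), &Ledger{}
	// Step 1: a low-fee payment enters the mempool, unconfirmed.
	pool.Submit(Tx{ID: "tx1", Input: "coin-A", Recipient: "recipient", Amount: 100, Fee: 1})
	// Step 2: a receiver who trusts an unconfirmed transaction sees it and acts on it.
	acceptedOnSight = pool.Pending("tx1")
	// Step 3: the same coin is re-spent back to the payer with a much higher fee.
	pool.Submit(Tx{ID: "tx2", Input: "coin-A", Recipient: "payer", Amount: 100, Fee: 50})
	// Blocks are mined; only the winning spend of coin-A ever confirms.
	for i := 0; i < 6; i++ {
		chain.MineBlock(pool)
	}
	return acceptedOnSight, PaymentSettled(chain, "tx1", 6)
}

func main() {
	onSight, settled := Scenario()
	fmt.Printf("accepted on sight: %v, settled after 6 confirmations: %v\n", onSight, settled)
}
```

Real nodes have more nuance (replacement rules, fee-bump minimums, and the possibility that a conflicting spend is confirmed by a miner that never saw the first one), but the receiver-side lesson is the same: `Pending` is not payment, and `PaymentSettled` with a non-zero threshold is the check to apply before releasing anything of value.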
  • (Score: 1) by Runaway1956 on Tuesday October 18 2022, @10:23PM (2 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday October 18 2022, @10:23PM (#1277322) Homepage Journal

    Good that the trick worked. Not so good that they are telling the world what they did. The next bunch of suckers won't be so easy to fool.

    --
    Abortion is the number one killer of children in the United States.
    • (Score: 0) by Anonymous Coward on Wednesday October 19 2022, @01:07AM (1 child)

      by Anonymous Coward on Wednesday October 19 2022, @01:07AM (#1277339)

      Because, what, the next bunch of suckers have alternatives to cryptocurrency?

      • (Score: 3, Informative) by Runaway1956 on Wednesday October 19 2022, @01:22AM

        by Runaway1956 (2926) Subscriber Badge on Wednesday October 19 2022, @01:22AM (#1277342) Homepage Journal

        The next bunch of suckers won't hand over the crypto keys, until they actually get the crypto cash. Thimk about it.

        --
        Abortion is the number one killer of children in the United States.