date 2018-10-22
from the tricked-instead-of-treated dept.
Sting against Deadbolt ransomware groups provides victims with a way to get encrypted files back without paying up:
Working alongside cybersecurity company Responders.NU, the Dutch National Police obtained 150 decryption keys from ransomware group Deadbolt.
With the decryption keys now in the hands of law enforcement, some victims of Deadbolt ransomware attacks can retrieve encrypted files and servers without the need to pay cyber-criminal extortionists.
[...] Police tricked Deadbolt by making Bitcoin payments for decryption keys, receiving the keys, then withdrawing the ransom payments – leaving the cyber criminals without their payments after they had provided the police and cybersecurity researchers with the decryption keys to aid victims of attacks.
Describing it as a "nasty blow" for cyber criminals, Dutch Police said the operation demonstrates to cyber criminals that they're "in the crosshairs of international law enforcement authorities" and "attempts to move their criminal earnings are not without risks".
(Score: 3, Interesting) by vux984 on Tuesday October 18, @08:08PM (2 children)
So I assume that is NOT what actually happened here? What did happen?
(Score: 3, Informative) by fraxinus-tree on Tuesday October 18, @09:02PM
In fact, somewhat possible. You pay someone, then pay from the same wallet to someone else, using a higher transaction fee. The first recipient gets a valid transaction, but it does not land in the blockchain because the other one is preferred by the miners.
(Score: 2) by rigrig on Tuesday October 18, @09:02PM
At Tweakers [tweakers.net] (Dutch tech site), the assumption is they managed to double-spend:
1. Send the bitcoins at a busy time, with a very low transaction fee -> transaction is shared on the blockchain, but unconfirmed
2. Show the transaction to the criminals, receive decryption key
3. Before the transaction is confirmed, send the same bitcoins to yourself with a higher transaction fee -> transaction 1 is invalidated
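
Seen from the receiving side, the scenario discussed in the thread comes down to treating an unconfirmed transaction as a completed payment. The following is an added example, not part of any comment above, using constructed transaction data and hypothetical names (`Tx`, `assess_payment`); it shows the checks that mark such a payment as not yet final: confirmation count, BIP 125 replaceability signalling, and a conflicting spend of the same inputs.

```python
from dataclasses import dataclass

# BIP 125: a transaction signals replaceability when any input has
# nSequence < 0xfffffffe. Absence of the signal is no guarantee of finality.
RBF_MAX_SEQUENCE = 0xFFFFFFFD

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # ((prev_txid, vout, nSequence), ...)
    fee_sat: int
    vsize: int      # virtual size in vbytes

    def feerate(self):
        return self.fee_sat / self.vsize

    def outpoints(self):
        return {(prev, vout) for prev, vout, _ in self.inputs}

    def signals_rbf(self):
        return any(seq <= RBF_MAX_SEQUENCE for _, _, seq in self.inputs)

def assess_payment(tx, seen_txs, confirmations, min_conf=1):
    """Return (final, reasons) for a payment the recipient has been shown."""
    if confirmations >= min_conf:
        return True, []
    reasons = [f"unconfirmed ({confirmations}/{min_conf} confirmations)"]
    if tx.signals_rbf():
        reasons.append("signals BIP 125 replaceability")
    for other in seen_txs:
        # Two transactions spending the same outpoint cannot both confirm.
        if other.txid != tx.txid and other.outpoints() & tx.outpoints():
            rel = "higher" if other.feerate() > tx.feerate() else "lower or equal"
            reasons.append(f"conflicts with {other.txid} ({rel} feerate)")
    return False, reasons

# Constructed sample data: both transactions spend the same previous output.
PAYMENT = Tx("tx-payment", (("prev-aaaa", 0, 0xFFFFFFFD),), fee_sat=150, vsize=141)
CONFLICT = Tx("tx-conflict", (("prev-aaaa", 0, 0xFFFFFFFD),), fee_sat=4230, vsize=141)

if __name__ == "__main__":
    final, reasons = assess_payment(PAYMENT, [PAYMENT, CONFLICT], confirmations=0)
    print("final:", final)
    for r in reasons:
        print(" -", r)
```

Once the payment has the required number of confirmations the function reports it as final regardless of the other signals, which is why waiting for confirmation is the deciding check.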
