Security News > 2022 > October > Police tricks DeadBolt ransomware out of 155 decryption keys
NU, obtained 155 decryption keys from the DeadBolt ransomware gang by faking ransom payments.
When the victim enters this key into the ransom note screen, it will be converted into a SHA256 hash and compared to the SHA256 hash of the victim's decryption key and the SHA256 hash of the DeadBolt master decryption key.
"The police paid, received the decryption keys, and then withdrew the payments. These keys allow files such as treasured photos or administration to be unlocked again, at no cost to victims," according to a news release published Friday.
NU security expert Rickey Gevers told BleepingComputer, the police tricked the ransomware gang into releasing the keys by canceling the transactions before they were included in a block.
"The attacker found out within several minutes, but we were able to grab 155 keys. 90% of the victims who reported the deadbolt attack to the police. So most of them got the decryption key for free."
NU also created a platform where DeadBolt victims who haven't filed a police report or couldn't be identified can check if their decryption key is among the ones obtained from the ransomware gang.