Security News > 2022 > October > When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
You paste the hexadecimal code from the BTC transaction into the ransomware "Login page", and the process fires up a decryption program left behind by the crooks that unscrambles all your data.
Loosely speaking, once Bitcoin miners see that a not-yet-processed transaction involves funds that someone else has already "Mined", they simply stop working on the unfinished transaction, on the grounds that it's now worthless to them.
There's no altruism involved here: after all, if the majority of the network has already decided to accept the other transaction, and to embrace it into the blockchain as "The one the community accepts as valid", the conflicting transaction that hasn't gone through yet is worse than useless for mining purposes.
Once the cops had each decryption key, they immediately sent out a "Double-spend" transaction.
Guess which transactions got the attention of the miners first? Guess which ones got confirmed? Guess which transactions came to nothing?
All the crooks have to do in future is to wait until they can see their payments are confirmed before replying with the decryption keys, instead of triggering immediately on the first appearance of each transaction request.