Just last month, QNAP released yet another warning to its customers saying the group was using a recently patched zero-day vulnerability in its latest campaign.Įarlier this year, security company Emsisoft released its own version of a Deadbolt decryptor after several victims reported having issues with the one they received in exchange for paying a ransom. However, it only works with a decryption key supplied by the operators of the Deadbolt ransomware through a ransom payment. QNAP did not respond to requests for comment. Gevers explained that Responders.NU worked with the Dutch National Police to create a website - so that other victims can check if their key is among the 155 obtained during the operation. 👇 #sHertogenbosch via Politie Eenheid Oost-Brabant October 14, 2022
Lees meer over hoe wij gedupeerden weer toegang tot hun gegijzelde computerbestanden hebben gegeven. Wij hebben een mooi succes geboekt in de bestrijding van ransomware. The group behind Deadbolt unfortunately realized what was happening and added a second level of confirmation to the process before decryption keys would be dispersed.ĭutch police added that while the operation was cut short, it made it clear to Deadbolt operators “that they are in the crosshairs of international law enforcement authorities.” On top of the international victims, we were able to obtain the keys for all the Dutch victims that filed a complaint and have notified them the very evening.” “Their keys were among the first we obtained, before panic struck the ransomware group. “This action clearly shows that reporting helps: victims that reported the ransomware were given priority,” said Matthijs Jaspers, a member of the Dutch Cybercrime Team within the National Police. The operation netted the officials 155 decryption keys, almost 90% of which were for victims that filed complaints with their local law enforcement agency in one of the 13 countries that participated in the operation. The decryption key is sent automatically after a ransom is paid but confirmation often takes longer, allowing the police officials to effectively pay the ransom, get the key and then cancel the transaction. The operation took advantage of network congestion on the Bitcoin blockchain, where there is a maximum number of transactions that it can handle per second. “We shared that with the cybercrime team of the police so that they could take this large-scale action.” “We assist many victims of ransomware and saw an opportunity to obtain decryption keys,” said Responders.NU cybersecurity expert Rickey Gevers. The idea for the operation started with Dutch cybersecurity company Responders.NU, which figured out the ransom payment trick and worked on the operation with the Dutch National Police, the Public Prosecution Service, Europol, the French National Police and the French Gendarmerie. On Friday, the Dutch National Police said the group has encrypted more than 20,000 QNAP and Asustor devices since the campaign began, including more than 1,000 victims in the Netherlands. E8ZkyIbdfp- Lex Fridman January 27, 2022 I have 50tb of data there, none of it essential or sensitive, but it hurts a lot. They ask $1,000 from individuals or $1.8 million from QNAP. Ransomware named DeadBolt found an exploit in storage devices, encrypting all files. Dozens of users took to Reddit to complain that they were among those attacked in the latest campaign. Message boards around the world have been flooded with customers lamenting the loss of files that included family photo albums, wedding videos and more.
They also expanded their attacks to include NAS devices from Asustor. Since January, thousands of customers using Taiwanese hardware maker QNAP’s network-attached storage (NAS) devices have reported being attacked by the Deadbolt ransomware group, which demands a ransom of 0.03 Bitcoin (about $600) for the decryption key.Īfter the initial attacks affected about 3,600 devices in January, the group continued to resurface with campaigns in March, May, June and September this year. In a statement, the Dutch National Police said on Friday that they conducted a targeted operation where they effectively paid a ransom in Bitcoin, received the decryption keys and then were able to withdraw the payment before it fully went through.
Police in the Netherlands said they were able to trick the group behind the Deadbolt ransomware to hand over the decryption keys for 155 victims during a police operation announced last week.
Dutch Police obtain 155 decryption keys for Deadbolt ransomware victims
0 kommentar(er)
