🚔 Humans of Cyber | Day 12

When Police Fought Ransomware with Code

In 2022, thousands of QNAP and ASUSTOR NAS devices were locked by the DeadBolt ransomware gang. Victims were told to pay in Bitcoin or lose their files forever.

The Dutch National Police had different plans. Working with cybersecurity firm Responders.NOW, they did not pay or negotiate. Instead, they studied the attacker's own system.

The key detail was that DeadBolt's payment process automatically sent decryption keys once Bitcoin was received. This very mechanism became its weakness. With the help of Rickey Gevers from Responders.NOW and guidance from the Politie Nederland, including leader Matthijs J., investigators discovered how to turn the process against the criminals.

The police exploited it. They pulled keys directly from the blockchain and gave them to the victims. People were able to recover their data without sending money to criminals.

Later, forensic reports confirmed the scale of the operation's success: decryption keys were recovered for the majority of reported victims, stripping DeadBolt of its leverage and restoring access to victims' files.

This success was not the result of a headline-grabbing raid or dramatic takedown. It was technical work, supported by Europol, the Netherlands' Public Prosecution Service, the French National Police, and Gendarmerie Nationale, that reshaped what is possible in ransomware response.

The Dutch National Police proved that sometimes the best way to fight ransomware is to turn the criminal's own system against them.

#HumansOfCyber #Ransomware #DeadBolt #DutchPolice #Cybercrime #IncidentResponse #BlockchainForensics #CyberSecurity #InformationSecurity