article featured image


The Dutch National Police has managed to outsmart the DeadBolt ransomware group and retrieve more than 150 decryption keys. The authorities paid the ransom, received the decryption keys and then withdrew the payments, which lead to all the Dutch victims now being use them to unlock their stolen files for free.

According to the police, 20,000 storage devices worldwide have been held hostage by Deadbolt, at least 1,000 of which are in the Netherlands. Further, the Dutch National Police believes this operation could also help 90% of international victims in any of the 13 other countries where the threat actors performed ransomware campaigns.

This action clearly shows that reporting helps: victims that reported the ransomware were given priority. Their keys were among the first we obtained, before panic struck the ransomware-group.

Matthijs Jaspers, the Dutch National Police cybercrime team – Source

Trick the Trickster

As mentioned in the official statement, the Dutch National Police`s cybercrime team, working with cybersecurity company Responders.NU, exploited a weak link in DeadBolt’s system that allowed it to pay using Bitcoin, receive the decryption keys from the threat actors, and then withdraw the payments and reach out to the victims.

However, the statement points out that not all keys will find their way directly back to the victims, as those who did not report having suffered the attack are a lot harder to identify in order to receive their key.

This clever endeavor also had the support of the Dutch Public Prosecutor’s Office, Europol, and French law enforcement services which assisted in the operation and has been described as “a nasty blow” to the cybercriminals, forcing them to shut down their system.

Rickey Gevers from Responders.NU advises victims to go to the website deadbolt.responders.nu and check if their key is also available and follow the unlocking instructions.

As cybernews points out, DeadBolt mainly targets small businesses and home computer users rather than larger companies. Its malware uses vulnerable network-attached storage devices (NAS) to target backup files. Naturally, it’s recommended that users remain vigilant and avoid falling victim to ransomware in the first place, but also make sure they follow the necessary steps to ensure security measures to keep their data safe from cybercriminals.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa


Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.