Seattle Police Booby-Trapped a File to Catch Ransomware Actor

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

A story by Motherboard presents one of the methods that the U.S. authorities are following in order to catch the bad guys online. According to court record documents that have been recently unsealed, a Seattle Police Department officer tried to figure out the identity of a ransomware actor by pushing a special, booby-trapped malware file to him. Apparently, a Task Force Officer working for the U.S. Secret Service was involved in a case that hit the South Correctional Entity Jail in Des Moines, in Washington, which caused severe operational disruption to the correctional facility.

When the officer investigated one of the infected systems, he found an email address and contacted the actor asking for proof on the decryption capacity. The actor offered the typical promise and asked the officer to send three files to decrypt them as proof. The officer checked the email headers and found that the attacker’s IP address was coming through a Tor exit node, so there wasn’t a way to identify him/her that way. Instead, he decided to include a booby-trapped file in the set of three files that the attacker promised to decrypt.

The plan was to receive the three decrypted files from the attacker and claim that the booby-trapped one hasn’t been successfully decrypted. The actor would then extract the file to figure out what’s wrong with it, and the malware would drop in his/her system, helping the officer locate the actor. The unsealed documents don’t provide many details as to why the deployment of the file was eventually unsuccessful, but the conclusion is that the plan failed. Maybe the ransomware actor realized the danger, as these methods are common among the various U.S. law enforcement bodies today. Too many malicious actors are hiding in the Tor Onion network, and the FBI has been using trapped files to figure out the real IP address of the hackers, and also their system information and open ports.

Reportedly, a booby-trapped file was what the FBI tried to deploy against a child predator who was active on Facebook, but they failed then too. So, does this mean that the U.S. law enforcement could be planting files on people’s computers to see who is really hiding behind VPN tools and Tor networks? That’s quite possible, although no official entities have admitted anything, and they also denied commenting on the recent revelations or ongoing cases.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: