US Charges NetWalker Ransomware Affiliate, Seizes Ransom Payments
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks.
Earlier today, BleepingComputer reported that law enforcement in the U.S. and Bulgaria seized Netwalker sites on the dark web used for leaking data from non-paying victims and for negotiating payments for data decryption.
In a press release published minutes ago, the DOJ confirms the success of the takedown effort in cooperation with the Bulgarian National Investigation Service and General Directorate Combating Organized Crime.
Netwalker affiliate charged
Despite starting in late 2019, Netwalker ransomware operation caused financial losses of tens of millions of US dollars. A report in August 2020 notes that the actors made $25 million in just five months of activity.
Apart from seizing the dark web sites, the DOJ says that Canadian national Sebastien Vachon-Desjardins of Gatineau was charged in relation to Netwalker ransomware attacks.
It is alleged that Desjardins obtained more than $27.6 million from the extortion activity. His role in the operation began at least in April 2020, indicating that he is an affiliate and not part of the developer crew.
Also Read: Key PDPA Amendments 2019/2020 You Should Know
“According to an indictment unsealed today, Sebastien Vachon-Desjardins of Gatineau, a Canadian national, was charged in the Middle District of Florida. Vachon-Desjardins is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment.”
The model that most ransomware developers follow for their operations is to deploy a service and recruit affiliates like Desjardins who find high-value victims, breach them and deploy Netwalker on their systems. The ransom money is then split between the two partners, with affiliates taking the largest cut.
On January 10, law enforcement was able to seize a little over $450,000 in cryptocurrency that represented ransom payments from three distinct Netwalker victims.
Netwalker has encrypted systems to some high-profile victims, including Equinix, Enel Group, the Argentian immigration agency, University of California San Francisco (UCSF), and K-Electric.
The threat actors also attacked municipalities, hospitals, law enforcement organizations, emergency services, school districs, colleges, and universities.
This operation does not mean it’s the end of the Netwalker operation but it’s definitely a step closer. Other affiliates exist and given how profitable this illegal business is, developers have plenty of candidates to choose from.
Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service
0 Comments