The Department of Justice last week announced a coordinated international law enforcement action against hackers who defrauded a Maryland senior living provider, among other victims, of more than $27 million.

Sebastien Vachon-Desjardins, a Canadian national, was indicted on conspiracy to commit computer fraud, conspiracy to commit wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

The indictment, filed in the Middle District of Florida, states that Vachon-Desjardins was part of a hacker ring known as NetWalker that extorted at least $27.6 million from companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges and universities through ransomware attacks.

As McKnight’s Senior Living previously reported, Lorien Health Services, which offers assisted living, skilled nursing and rehabilitation at nine locations in Maryland, was one of NetWalker’s alleged victims. The data breach last summer reportedly exposed the personal information of 47,754 residents.

The Justice Department said the ransomware attacks specifically targeted the healthcare sector during the COVID-19 pandemic, “taking advantage of the global crisis to extort victims.” 

The government was able to seize approximately $454,530.19 in cryptocurrency from ransom payments to Vachon-Desjardins, as well as disable a “dark web” hidden resource used to communicate with NetWalker ransomware victims.

As part of the joint international effort, Bulgarian law enforcement seized computers affiliated with NetWalker. A dark web blog that posted the files of NetWalker victims who refused to pay the ransom now displays a graphic indicating that it was seized by government agencies.

According to court documents, once a victim’s computer network is compromised and data are encrypted, actors that deploy NetWalker deliver a ransom note to the victim. Hackers typically gain unauthorized access to a computer network days or weeks before delivering a ransom note, according to the Justice Department.

The department explained that NetWalker operates a “ransomware-as-a-service…