Tag Archive for: Netwalker

Fileless Ransomware: Powershell Netwalker

Netwalker ransomware affiliate agrees to plead guilty to hacking charges

Prolific Netwalker ransomware affiliate Sebastien Vachon-Desjardins agreed to plead guilty on Tuesday to several charges related to a hacking campaign against a company based in Florida. 

The 34-year-old Vachon-Desjardins, who previously was sentenced to seven years in prison by Canadian officials for other ransomware attacks, was extradited to the U.S. in March and has been held in a Tampa prison since then. 

According to a plea agreement filed on Tuesday, Vachon-Desjardins agreed to forfeit $21.5 million, about 27.65 BTC and dozens of seized devices. 

United States Attorney for the Middle District of Florida Roger Handberg said Vachon-Desjardins has agreed to plead guilty to four charges: Conspiracy to Commit Computer Fraud, Conspiracy to Commit Wire Fraud, Intentional Damage to a Protected Computer and Transmitting a Demand in Relation to Damaging a Protected Computer.

A portion of the plea agreement filed Tuesday.

The charges carry a combined maximum prison sentence of 40 years, but the document made references to a potential deal under which Vachon-Desjardins would face fewer years in exchange for cooperation.

The lawyers did not say which company was attacked but noted that it is based in Tampa and was attacked on May 1, 2020. 

Vachon-Desjardins sent the company a ransom note demanding $300,000 in bitcoin but the company did not pay, instead spending $1.2 million to recover from the incident. 

The ransom note Vachon-Desjardins sent the company. Image: DOJ

In the plea deal, and in a presentation at the RSA conference earlier this month, the Justice Department said it was able to gain access to the backend server of the NetWalker Tor Panel and the NetWalker Blog, giving them a view into the gang’s operations. 

The group had managed to extort victims for about 5,058 bitcoin — worth about $40 million based on the value of bitcoin at the time of each transaction.

“These records also tied Vachon-Desjardins to the successful extortion of approximately 1,864 bitcoin in ransoms (an approximate total of $21.5 million USD based on the value of bitcoin at the time of each transaction) from dozens of victim companies across the world, including Victim 1,” the Justice Department…

Source…

Canadian ‘cyberterrorist’ sentenced to prison over NetWalker ransomware attacks

A Canadian man dubbed a “sophisticated cyberterrorist” by an Ontario judge has pleaded guilty in a series of NetWalker ransomware attacks on 17 Canadian entities, admitting to participating in extortion that resulted in nearly $3 million in losses and drew in millions more in cryptocurrency.

In what’s believed to be the largest of its kind in Canada — a complex case where stores of data were stolen, then held for ransom to be paid in bitcoin — Gatineau man Sebastien Vachon-Desjardins pleaded guilty in a Brampton court last week to a series of crimes called “extreme and significant” by a judge, including extortion and participating in a criminal organization.

“He is a sophisticated cyberterrorist who preyed in an organized way with others on entities in educational, health-care, governmental, and commercial sectors,” said Ontario court judge G. Paul Renwick in a Feb. 1 ruling, calling the losses in the case “monumental.”

A former Canadian government IT employee, Vachon-Desjardins “excelled at what he did,” Renwick wrote — that is, breaching private computer networks and systems, hijacking their data, holding it for ransom, then distributing it if he wasn’t paid.

“He played a dominant, almost exclusive, role in these offences and he assisted NetWalker and other affiliates by improving their ability to extort their victims and disguise their proceeds,” Renwick wrote, sentencing Vachon-Desjardins to six years and eight months in a federal penitentiary.

Vachon-Desjardins’ participation in NetWalker — a group of cybercriminals who attack targets using sophisticated ransomware — first made headlines last year when the U.S. Department of Justice announced charges against him as part of an international probe into the cyberattacks. U.S. authorities alleged he’d illegally obtained more than $27.6 million.

Ransomware is a form of malicious software, or “malware,” that can encrypt a victim’s files and allow an attacker to seize control of their data. Cybercriminals then hold the data for ransom, demanding payment, typically in cryptocurrency, in exchange for restored access to the files, threatening to leak the data if no payment is received.

Source…

U.S. Takes Part in Multinational Efforts to Disrupt Netwalker Ransomware and Emotet Malware | Alston & Bird

On January 27 and 28, 2021, the U.S. Department of Justice (DOJ) announced two successful operations to disrupt two different strains of malware, Netwalker ransomware and a banking Trojan known as Emotet, which have affected victims around the globe and caused millions of dollars in damage in recent years.

The law enforcement actions against Netwalker and Emotet are the latest examples of successful cooperation between international governments in fighting cybercrime that transcends borders: the U.S. partnered with Canada, France, Germany, the Netherlands, the United Kingdom, Lithuania, Sweden, and Ukraine to disrupt the Emotet botnet, and Bulgarian authorities assisted with the operation against Netwalker. The DOJ announcement regarding Emotet notes that, “Now, more than ever, international collaboration is an imperative… This investigation will be a paradigm of effective international law enforcement cooperation directed at global cybercrime.” Below we highlight key aspects of each operation.

Netwalker

On January 27, 2021, the DOJ announced charges against a Canadian individual in relation to Netwalker ransomware attacks allegedly involving the extortion of tens of millions of dollars. The DOJ also announced that the law enforcement operation involved the seizure of approximately $500,000 in cryptocurrency from ransom payments and the dismantling of a dark web resource allegedly used to communicate with ransomware victims. Bulgarian authorities were able to seize the dark web hidden resource, and web visitors will now find a banner notifying them that the site has been seized by law enforcement.

Netwalker is one of the most common strains of ransomware and has affected victims in a variety of industries. The DOJ notes that attacks have specifically targeted the healthcare sector during the COVID-19 pandemic. Netwalker is frequently cited as an example of ransomware-as-a-service. According to the DOJ announcement, Netwalker “developers” create and update the malware, while “affiliates” conduct the actual ransomware attacks. If a victim pays a ransom, the payment is split between the two groups.

Emotet

On January 28, 2021, the DOJ announced it had taken…

Source…