
Cybercrime, NetWalker ransomware infrastructure disrupted

After the Emotet botnet, international law enforcement agencies target the NetWalker ransomware infrastructure

After destroying the Emotet botnet, international law enforcement agencies are now targeting the NetWalker ransomware infrastructure, the US Department of Justice (DoJ) has announced. The malware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Cybercrime attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims. “We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the DoJ’s Criminal Division. “Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”

The operation led to the indictment of a Canadian national, the seizure of approximately $454,530.19 in cryptocurrency from ransom payments, and the disablement of a dark web hidden resource used to communicate with the malware victims

The NetWalker action includes charges against a Canadian national in relation to the ransomware attacks, in which tens of millions of dollars were allegedly obtained, the seizure of approximately $454,530.19 in cryptocurrency from ransom payments, and the disablement of a dark web hidden resource used to communicate with the malware victims. NetWalker operates under a so-called ransomware-as-a-service model, featuring “developers” and “affiliates.” Developers are responsible for creating and updating the ransomware and making it available to affiliates. Affiliates are responsible for identifying and attacking high-value victims with the ransomware, according to the affidavit. After a victim pays, developers and affiliates split the ransom. According to the affidavit, once a victim’s computer network is compromised and data is encrypted, the cybercrime actors that deploy NetWalker deliver a file, or ransom note, to the victim. Using Tor, the victim is then provided with the amount of ransom demanded and instructions for payment.

Sebastien Vachon-Desjardins is alleged to have obtained at least over $27.6 million as a result of the NetWalker ransomware attacks

According to an unsealed indictment, Sebastien Vachon-Desjardins of Gatineau, a Canadian national, was charged in the Middle District of Florida. Vachon-Desjardins is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment. The Justice Department further announced that on Jan. 10, law enforcement seized approximately $454,530.19 in cryptocurrency, which comprised ransom payments made by victims of three separate NetWalker ransomware attacks. Last week, authorities in Bulgaria also seized a dark web hidden resource used by the ransomware affiliates to provide payment instructions and communicate with victims. Visitors to the resource will now find a banner notifying them that it has been seized by law enforcement authorities.
