Suspect Charged in Relation to the NetWalker Ransomware


Saturday, January 30th, 2021 | , ,

The US Department of Justice announced Wednesday that it has brought charges against a Canadian national in relation to recent NetWalker ransomware attacks. It also seized around $454,500 in cryptocurrency from ransom payments by three victims. The man arrested, Sebastien Vachon-Desjardins of Gatineau, is alleged to have raked in more than $27.6 million overall from NetWalker activities. It’s unclear what specific part he played in the ransomware’s overall operations, nor if he is in custody.

First seen in 2020, the NetWalker ransomware has affected a wide variety of victims, most notably targeting healthcare agencies, using the COVID-19 pandemic to better extort organizations. NetWalker’s victims include the University of California – San Francisco, a leading institution in biological and medical research and home to a medical school and a medical center; the Crozer-Keystone Health System, Champaign-Urbana Public Health District and the College of Nurses of Ontario.

In mid-2020, NetWalker authors notably transitioned to a ransomware-as-a-service (RaaS) model, where they rent the malware and surrounding services to affiliates who carry out the actual attacks. Authors and affiliates then split the profits. Its operators are known for placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers, with special expertise in network access.

In related news, the Bulgarian national police force has seized and disabled a Dark Web resource used to communicate with the NetWalker ransomware victims to provide payment instructions. Researchers say the Tor node is also the group’s leaks site, where it publishes stolen victim information if the target refuses to pay a ransom in a form of double extortion.

It’s likely that the NetWalker operators will create a new data-leak site, as the operators of other ransomwares have done when their respective sites were seized.

Further Reading:

Share this: