NetWalker ransomware mastermind indicted in Florida

FBI also launches an international investigation into the NetWalker operation

The FBI has launched an international investigation into the NetWalker ransomware operation, and prosecutors have filed an indictment on a key figure in the operation. 

Florida courts charged Gatineau, Quebec-based Sebastien Vachon-Desjardins on December 2 and unsealed the indictment this week. The indictment accuses Vachon-Desjardins of computer fraud, conspiracy to commit wire fraud, intentional damage to a connected computer, and transmitting a demand in relation to that damage. 

According to the Department of Justice (DoJ), Vachon-Desjardins allegedly obtained over $27.6 million from his fraudulent actions. On January 10, law enforcement officials also seized $454,530.19 in cryptocurrency, which the DoJ said came from three NetWalker victims.

NetWalker operates under a ransomware-as-a-service model, in which the code's owner allows affiliates to use it. The affiliates then pay the owner a commission from any successful ransomware operations. The affidavit accuses Vachon-Desjardins of transmitting ransomware himself and helping others to do the same.

NetWalker's operation was efficient in collecting payment, resulting in a lower-than-average resolution time for payments and data recovery, according to Coveware, a ransomware mitigation company. Coveware also reported that all NetWalker decryptions were successful after victims paid.

Related Resource

Ransomware protection with Veritas NetBackup Appliances

How to use Veritas NetBackup and NetBackup Appliances to protect against and recover from ransomware attacks

Veritas NetBackup - how to protect from ransomware whitepaperDownload now

The ransomware operation's success was partly due to it using the Tor dark web protocol that automated victims’ payments. In a report detailing the NetWalker operation, McAfee noted the company switched from email communication with victims entirely to the Tor site in March 2020.

This week, Bulgarian police seized an online property NetWalker affiliates used to deliver those payment instructions and replaced it with a seizure banner notifying victims of the takedown.

Attacks targeted a wide array of organizations, ranging from health care operations already under pressure from the pandemic through to educational facilities and local governments, and the operation was lucrative. Coveware reports the average NetWalker ransom payment was $344,000 in Q4 2020. However, some payments have been far higher. In June 2020, the University of California paid NetWalker criminals $1.14 million to recover encrypted data.

NetWalker attacks, which were mounted via phishing emails or through vulnerable remote desktop protocol (RDP) ports, didn’t always end with decryption. In some cases, affiliates would also exfiltrate the data and then charge victims not to publish it in what has become known as a double-extortion attack. Coveware has said that roughly half of all ransomware attacks now use this method.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Hackers used SonicWall zero-day flaw to plant ransomware
ransomware

Hackers used SonicWall zero-day flaw to plant ransomware

30 Apr 2021
How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

20 Apr 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

9 Apr 2021
Most comments in FCC net neutrality consultation were reportedly fake
Policy & legislation

Most comments in FCC net neutrality consultation were reportedly fake

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021