NetWalker ransomware mastermind indicted in Florida

FBI also launches an international investigation into the NetWalker operation

The FBI has launched an international investigation into the NetWalker ransomware operation, and prosecutors have filed an indictment on a key figure in the operation. 

Florida courts charged Gatineau, Quebec-based Sebastien Vachon-Desjardins on December 2 and unsealed the indictment this week. The indictment accuses Vachon-Desjardins of computer fraud, conspiracy to commit wire fraud, intentional damage to a connected computer, and transmitting a demand in relation to that damage. 

According to the Department of Justice (DoJ), Vachon-Desjardins allegedly obtained over $27.6 million from his fraudulent actions. On January 10, law enforcement officials also seized $454,530.19 in cryptocurrency, which the DoJ said came from three NetWalker victims.

NetWalker operates under a ransomware-as-a-service model, in which the code's owner allows affiliates to use it. The affiliates then pay the owner a commission from any successful ransomware operations. The affidavit accuses Vachon-Desjardins of transmitting ransomware himself and helping others to do the same.

NetWalker's operation was efficient in collecting payment, resulting in a lower-than-average resolution time for payments and data recovery, according to Coveware, a ransomware mitigation company. Coveware also reported that all NetWalker decryptions were successful after victims paid.

Related Resource

Ransomware protection with Veritas NetBackup Appliances

How to use Veritas NetBackup and NetBackup Appliances to protect against and recover from ransomware attacks

Download now

The ransomware operation's success was partly due to it using the Tor dark web protocol that automated victims’ payments. In a report detailing the NetWalker operation, McAfee noted the company switched from email communication with victims entirely to the Tor site in March 2020.

This week, Bulgarian police seized an online property NetWalker affiliates used to deliver those payment instructions and replaced it with a seizure banner notifying victims of the takedown.

Attacks targeted a wide array of organizations, ranging from health care operations already under pressure from the pandemic through to educational facilities and local governments, and the operation was lucrative. Coveware reports the average NetWalker ransom payment was $344,000 in Q4 2020. However, some payments have been far higher. In June 2020, the University of California paid NetWalker criminals $1.14 million to recover encrypted data.

NetWalker attacks, which were mounted via phishing emails or through vulnerable remote desktop protocol (RDP) ports, didn’t always end with decryption. In some cases, affiliates would also exfiltrate the data and then charge victims not to publish it in what has become known as a double-extortion attack. Coveware has said that roughly half of all ransomware attacks now use this method.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Federal Reserve outage causes payment delays
IT infrastructure

Federal Reserve outage causes payment delays

25 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021