Netwalker Ransomware Affiliate to Be Imprisoned for 20 Years

An affiliate of the notorious Netwalker ransomware group was sentenced to 20 years in prison because of taking part in ransomware attacks on U.S. companies.

Netwalker’ ransomware-as-a-service (RaaS) operation recruits affiliates to carry out attacks and set up ransomware in return for a percentage of the ransom they are paid, normally getting approximately 75% of any ransom payment. After getting access to the network of a victim, sensitive information would be viewed and extracted and used to threaten victims into giving ransom payments. Attackers issue threats to post or sell the information when the ransom is not given. Ransom demands vary from hundreds to millions of bucks.

Although a number of RaaS operations prohibit their affiliates from executing attacks on healthcare companies, that wasn’t followed by Netwalker, instead, it actively attacked healthcare companies worldwide. The group additionally increased attacks on the industry throughout the COVID-19 pandemic. The University of California San Francisco and the Champaign-Urbana Public Health District were affected by the attack because their School of Medicine had files encrypted on their servers. UCSF paid a $1.14 million ransom to get the decryptor and retrieve important files.

34-year-old Sebastien Vachon-Desjardins from Quebec, an ex-IT consultant working for Canadian Public Works and Government Services, was detained in Canada last January 2021 because of suspicious conduct of ransomware attacks during a law enforcement operation on the Netwalker ransomware group. Law enforcement dug into his house and discovered 719 Bitcoin worth over $28 million, cash of CAD $640.040, and took the CAD $420,941 found in his bank account.

Vachon-Desjardins admitted to breaching organizations and executing attacks and additionally confessed to training other people to perform attacks. In the course of 9 months between May 2020 and January 2021, Vachon-Desjardins allegedly earned over 2,000 Bitcoin for the group and is approximated to have received over CAD $30 million. Vachon-Desjardins was accused of conducting attacks in Canada, was sentenced to be in jail for 6 years and 8 months, and was directed to pay about $2,500 to $999,239 to the 8 victims of his attacks. While waiting for his sentence, Vachon-Desjardins was additionally sentenced to jail for another 4.5 years in relation to a different drug trafficking case.

An investigation by law enforcement into the ransomware attacks performed by Vachon-Desjardins on U.S. companies was additionally ongoing and at the beginning of this year, Vachon-Desjardins was deported to the U.S. because of charges in Florida that include carrying out a ransomware attack on a company based in Tampa. Vachon-Desjardins signed a request and pled guilty to conspiracy to commit computer fraud, and conspiracy to commit wire fraud resulting in purposive damage to a secured computer and transferring a demand for destroying a secured computer.

Federal sentencing recommendations were from 12 to 15 years; nonetheless, U.S. District Court Judge, William F. Jung, decided to declare a significantly harsher sentence to deter other would-be ransomware affiliates. For the conspiracy to commit computer fraud and transferring a demand associated with damaging a protected computer, Vachon-Desjardins will serve 60 months in jail; for causing intentional damage to a protected computer, he will serve 120 months, and for conspiracy to commit wire fraud, he will serve 240 months. The sentences will run at the same time. Vachon-Desjardins additionally decided to surrender $21.5 million and will be on supervised release for 3 years.

Throughout his prison time, Vachon-Desjardins cannot use a smartphone, a computer, a gaming device, or other electronic gadgets that can connect to the Internet. U.S. District Court Judge, William F. Jung, stated that if there was no plea deal, and if the case went on to trial, he would have given Vachon-Desjardins a life imprisonment sentence.