The Department of Justice (DoJ) has launched a coordinated international law enforcement action to disrupt the NetWalker ransomware-as-a-service crimeware product.
The NetWalker ransomware has targeted a variety of victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Since the onset of the COVID-19 pandemic, attackers using NetWalker increasingly have targeted the healthcare sector.
In a Jan. 27 statement, the DoJ said that as part of the action it has brought charges against Sebastien Vachon-Desjardins, a Canadian national, in connection NetWalker ransomware attacks where tens of millions of dollars were allegedly stolen. Vachon-Desjardins is alleged to have obtained more than $27.6 million as a result of the offenses charged in the indictment. Additionally, the DoJ has seized roughly $454,530.19 in cryptocurrency from ransom payments, and has disabled a dark web hidden resource used to communicate with NetWalker ransomware victims.
“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”
The DoJ explained that NetWalker operates as a “ransomware-as-a-service model, featuring ‘developers’ and ‘affiliates.’” According to court filings, the developers are responsible for creating and updating the ransomware and making it available to affiliates, and affiliates are responsible for identifying and attacking high-value victims with the ransomware. After a victim pays, developers and affiliates split the ransom.
“This action reflects the resolve of the U.S. Attorney’s Office for the Middle District of Florida to target and disrupt sophisticated, international cybercrime schemes,” said U.S. Attorney Maria Chapa Lopez for the Middle District of Florida. “While these individuals believe they operate anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the full extent of the law and seize their criminal proceeds.”