Regístrese ahora para una mejor cotización personalizada!

NetWalker ransomware gang affiliate pleads guilty and slapped with a 7-year sentence

Feb, 08, 2022 Hi-network.com

Netwalker ransomware gang affiliate Sebastien Vachon-Desjardins was sentenced to seven years in prison for his involvement with the group after pleading guilty in an Ontario court on January 31.

See also

Ransomware: An executive guide to one of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC is infected.

Read now

Court documents published on February 1 revealed that Vachon-Desjardins pleaded guilty to five charges related to "theft of computer data, extortion, the payment of cryptocurrency ransoms, and participating in the activities of a criminal organization."

In addition to the seven-year sentence, Vachon-Desjardins agreed to partial restitution, forfeiture of assets seized, and a DNA order. The court documents say Vachon-Desjardins was implicated in 17 ransomware attacks that caused at least$2.8 million in damages in Canada. 

"In August 2020, the Royal Canadian Mounted Police ("RCMP") received information from the American Federal Bureau of Investigation ("FBI") in relation to a NetWalker ransomware affiliate operating in Gatineau, Quebec. The FBI advised the RCMP that their suspect was responsible for ransomware attacks in several countries, and he was suspected of having received over$15,000,000.00 in ransom payments," Ontario court judge G. Paul Renwick wrote, adding that he was told that the data seized from Vachon-Desjardins's would fill an entire hockey arena if printed.

"Eventually, based on internet protocol addresses, data gleaned from U.S. investigations into various Apple, Google, Microsoft, and Mega.nz accounts, aliases, email addresses, and personal information revealed on social media platforms, the Defendant was identified by the Canadian authorities."

Also: Microsoft Win32k bug added to CISA's exploited vulnerabilities list

In January, police in Florida arrested the Canadian citizen in connection with several attacks by the Netwalker ransomware group. The DOJ claimed Vachon-Desjardins managed to make about$27.6 million through several ransomware attacks on Canadian organizations like the Northwest Territories Power Corporation, the College of Nurses of Ontario, and a Canadian tire store in B.C. 

One of the biggest issues facing Vachon-Desjardins is when he will be sent to the U.S. to face his charges there. He was supposed to be sent to the U.S., but his surrender was delayed because he had other drug trafficking charges outstanding in Quebec. The ruling says Vachon-Desjardins' sentence can begin to run now, and it will continue to run during and subsequent to the resolution of his charges in the U.S.

The sentence will also run concurrently to the 54-month sentence he got for drug trafficking offenses in Quebec.

The judge's decision explained that Vachon-Desjardins was a prolific member of the Netwalker ransomware group and even sent the group's leaders 224 Bitcoins to invest in "the next generation of malicious code that could be used."

"The Defendant even improved upon the ransom messages used by NetWalker affiliates and eventually convinced the creator of NetWalker to use 'mixing services' to disguise funds paid for ransoms in Bitcoin," Renwick said. 

"The Defendant admitted to investigators that over 1,200 Bitcoins related to his NetWalker malware activities passed through his e-wallet and were shared with his unindicted co-conspirators and the developer of the NetWalker ransomware. As well, the Defendant admits that his entire ransomware activities involved over 2000 Bitcoins." 

Canadian officials were only able to seize less than 720 Bitcoins from Vachon-Desjardins' e-wallets and accounts because he managed to turn the stolen funds into Canadian dollars. In some instances, he received bags of money ranging from$100,000 to$150,000.

When he was arrested in January 2021, Vachon-Desjardins had about$640,000 in cash and$421,000 in his bank account. 

"The Defendant was not an insignificant actor in these and other offenses; he played a dominant, almost exclusive, role in these offenses, and he assisted NetWalker and other affiliates by improving their ability to extort their victims and disguise their proceeds," Renwick explained. 

"The Defendant has an unrelated criminal record for drug trafficking, and he was sentenced to 3.5 years imprisonment in 2015 and 4.5 years imprisonment last week; during the commission of these offenses, the Defendant was awaiting the disposition of some of his outstanding charges in Quebec."

One strange aspect of the report was Renwick's preoccupation with Vachon-Desjardins' physical appearance. He called Vachon-Desjardins "good-looking, presentable, and instantly likeable."

Vachon-Desjardins will have to pay restitution to some of the victims affected by his attacks. He will need to pay nearly$1 million to Cegep St. Felicien,$725,000 to Elite Group, more than$700,000 to Enterprise Robert Thibert and Travelers Ins. Co. of Canada as well as$206,737 to Ville de Montmagny. Windward Software Systems Inc. will get$91,966.02, and Endoceutics Inc. will get$72,503.43.

The funds will be taken from the cryptocurrency that was seized during the raids on his home. 

Canadian ransomware expert Brett Callow said people often assume that ransomware actors are based in Russian or CIS countries, but this case demonstrates that they can be much closer to home. 

"Which isn't surprising. Ransomware is a multi-billion dollar industry. North America has talent, criminals and talented criminals. It only makes sense that they'd be wanting in on the action, especially as cybercriminals operate with almost complete impunity," said Callow, who works as a threat analyst at cybersecurity firm Emsisoft.

"Or, at least, they did. That's starting to change, and arrests such as this will inevitably make some individuals consider whether they should get out while the going is good."

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.