Netwalker Ransomware Affiliate Sentenced to 20 Years in Jail

By | October 6, 2022

An affiliate of the infamous Netwalker ransomware gang has been sentenced to serve 20 years in jail for his role in ransomware attacks on entities in the United States.

Netwalker is a ransomware-as-a-service (RaaS) operation where affiliates are recruited to conduct attacks and deploy ransomware in exchange for a cut of the ransom payments they generate, typically receiving up to 75% of any ransoms paid. After gaining access to a victim’s network, sensitive data would be identified and exfiltrated and used as leverage to pressure victims into paying. Threats were then issued to publish or sell the data if the ransom is not paid. Ransom demands ranged from hundreds of thousands to millions of dollars.

While some RaaS operations ban their affiliates from conducting attacks on healthcare organizations, that was not the case with Netwalker, which actively targeted healthcare organizations around the world. The gang also stepped up attacks on the sector during the COVID-19 pandemic.  Victims included the Champaign-Urbana Public Health District and the University of California San Francisco, which had files encrypted on the servers used by its School of Medicine. A ransom of $1.14 million was paid by UCSF for the decryptor to recover essential files.

Sebastien Vachon-Desjardins, 34, from Quebec, a former IT consultant who worked for the Public Works and Government Services in Canada, was arrested in Canada in January 2021 on suspicious of conducting ransomware attacks as part of a law enforcement crackdown on the Netwalker ransomware gang. Law enforcement searched his home and found 719 Bitcoin with a value of more than $28 million, CAD $640.040 in cash, and seized CAD $420,941 from his bank account.

Vachon-Desjardins pleaded guilty to breaching companies and conducting attacks and also admitted to training other individuals on how to conduct attacks. During the 9 months from May 2020 to January 2021, Vachon-Desjardins is alleged to have earned more than 2,000 Bitcoin for the gang and is estimated to have earned more than CAD $30 million in just 9 months. Vachon-Desjardins was charged for the attacks conducted in Canada, was sentenced to serve 6 years and 8 months in jail, and was ordered to pay restitution to 8 victims of his attacks, ranging from $2,500 to $999,239. While awaiting sentencing, Vachon-Desjardins was also sentenced to serve 4.5 years in jail for a separate drug trafficking case.

A law enforcement investigation into the ransomware attacks conducted by Vachon-Desjardins on U.S. firms was also underway and earlier this year, Vachon-Desjardins was extradited to the United States to face charges in Florida, including conducting a ransomware attack on a Tampa-based firm. Vachon-Desjardins entered into a plea deal and pled guilty to conspiracy to commit computer fraud, conspiracy to commit wire fraud, causing intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

Federal sentencing guidelines were in the range of 12-15 years; however, U.S. District Court Judge, William F. Jung, opted for a much harsher sentence to serve as a deterrent to other would-be ransomware affiliates. Vachon-Desjardins was sentenced to serve 60 months in jail for conspiracy to commit computer fraud and transmitting a demand in relation to damaging a protected computer, 120 months for causing intentional damage to a protected computer, and 240 months for conspiracy to commit wire fraud, with the sentences to run concurrently. Vachon-Desjardins also agreed to forfeit $21.5 million and will have to serve 3 years of supervised release.

During his prison term, Vachon-Desjardins will not be permitted to use a computer capable of connecting to the Internet, including a smartphone, gaming device, or other electronic devices. U.S. District Court Judge, William F. Jung, said that were it not for the plea deal, and if the case had gone to trial, he would have sentenced Vachon-Desjardins to life in prison.

The post Netwalker Ransomware Affiliate Sentenced to 20 Years in Jail appeared first on HIPAA Journal.