Feds Say Canadian Extorted $27M From Ransomware Victims

By Ben Kochman
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Cybersecurity & Privacy newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!

Law360 (January 27, 2021, 10:22 PM EST) -- The U.S. Department of Justice on Wednesday accused a Canadian national of extorting cyberattack victims into paying $27 million worth of cryptocurrency using a type of ransomware that hackers have deployed to target hospitals and schools during the COVID-19 pandemic.

Federal authorities unsealed charges against Sebastien Vachon-Desjardins, of Quebec, in Florida federal court, and announced that they had worked with law enforcement in Bulgaria to shut down a website that members of what is known as the NetWalker cybercrime group had used to intimidate victims into making payments, including by publishing stolen data.

NetWalker operates as a "ransomware-as-a-service" model, featuring both developers tasked with creating and updating malicious software and "affiliates" who use the ransomware to identify and attack victims, according to court documents. Ransom payments are then split between the developers and affiliates, U.S. authorities say.

NetWalker ransomware is among the strains of malicious software that have been used to target hospitals, school districts and other critical resources in recent months — with cybercriminals taking a particular interest in extorting members of the health care industry amid the global pandemic, the Justice Department said in a press release.

An indictment unsealed against Vachon-Desjardins on Wednesday did not name any victims, but at least one of the organizations targeted was based in Tampa, Florida, court papers say. U.S. authorities also said they had seized an amount of cryptocurrency worth around $454,530 stemming from NetWalker ransom payments made by victims in three separate attacks.

Vachon-Desjardins is charged with conspiracy to commit computer fraud, wire fraud and damaging a protected computer. Federal authorities are also pushing for the Canadian national to return his allegedly illicitly gained profits, which according to the DOJ as of Wednesday were worth around $27.6 million.

In total, hackers using the NetWalker ransomware have hit at least 305 victims from 27 countries, including 203 in the U.S., according to Chainalysis, a company that tracks transfers of digital currency. Victims have made more than $46 million worth of ransomware payments to NetWalker attackers since August 2019, Chainalysis wrote in a blog post.

NetWalker hackers are among the wave of attackers that have evolved their tactics in recent years by taking the extra step of stealing sensitive data before locking victims out of networks and demanding ransoms, cyberattack incident responders have said.

The criminal charges, website takedown and cryptocurrency seizure were not the only actions taken by law enforcement against alleged ransomware actors on Wednesday.

Earlier in the day, Interpol announced that law enforcement authorities had dismantled what it called "the world's most dangerous malware": a cybercrime service known as Emotet.

Emotet attackers obtained access to victims' computers by convincing users to click on malicious email attachments, before selling that access to others who used it for further crimes like stealing data, installing ransomware and extorting victims, according to Interpol.

Authorities in the U.S., UK, the Netherlands,Germany, France, Lithuania, Canada and Ukraine worked together to "take control of the infrastructure" of the cybercrime service that Interpol said in a press release was a "primary door opener for computer systems on a global scale."

The Emotet group had been in operation since 2014 and had "evolved into the go-to solution for cybercriminals over the years," Interpol said.

In the Florida federal court ransomware case, the U.S. is represented by Carlton Curtiss Gammons and Suzanne C. Nebesky of the U.S. Attorney's Office for the Middle District of Florida.

Counsel information for Vachon-Desjardins was not available Wednesday.

The case is U.S. v. Vachon-Desjardins, case number 8:20-cr-00366, in the U.S. District Court for the Middle District of Florida

--Editing by Bruce Goldman.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!