US authorities charge alleged Netwalker ransomware affiliate

A United States grand jury has charged a Canadian man with four counts of deploying the Netwalker ransomware to extort victims, an indictment unsealed today shows.

Sebastian Vachon-Desjardins of Gatineau in Quebec is alleged to have obtained over US$27.6 million in ransom from Netwalker victims.

Netwalker is operated as ransomware-as-a-service by its developers, with Vechon-Desjardin alleged by the US to be an affiliate who would identify and attack high-value victims with the malware.

Affiliates and developers split any ransom received from victims, the US Department of Justice said.

The ransomware is estimated by security researchers as being one of the most profitable ones, bringing in tens of millions of dollars from victims.

Netwalker infamously targeted hospitals and health care providers through bogus Covid-19 related emails containing malicious Visual Basic scripts.

In November 2020, Australian legal document and digital services provider Law in Order was struck by Netwalker, causing a partial IT systems outage. 

Vachon-Desjardin is charged with conspiracy to commit computer fraud, wire fraud, intentional damage to a protected computer, and transmitting ransom demands, as part of deploying Netwalker during the early part of last year.

Ransom payments totaling US$454,530.19 in cryptocurrency have been seized by the Federal Bureau of Investigation.

The cryptocurrency funds, along with US$27.6 million in fiat money, could be confiscated by the US if Vachon-Desjardins is convicted.

American police also worked with Bulgarian authorities to seize a "dark web hidden resource" that Netwalker affiliates used to communicate with ransomware victims and to provide payments instructions to them.