Canadian national Sebastien Vachon-Desjardins, who was charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge on Monday to multiple offenses linked to attacks on 17 Canadian victims.
The judge said that, although Desjardins cooperated with the authorities to help identify victims and their losses, he still “played a dominant, almost exclusive, role in these offenses.”
The FBI discovered Desjardins’s true identity by linking the email accounts he used to register on XSS.is and HackForums to his activity on various online services, which he used to upload files stolen from victims’ networks and to find financial info on his victims.
Additionally, he made it easier for authorities by sharing personal information on public forums, including that he worked as an IT technician for the Canadian government (Public Works and Government Services Canada) for more than 4 years.
Financial Losses
The ransomware attacks resulted in losses of millions of dollars after the victims had data stolen from their networks and were extorted into paying millions worth of cryptocurrency as ransoms.
“Between May 2020 and January 2021, the Defendant victimized 17 Canadian entities and others throughout the world by breaching private computer networks and systems, hi-jacking their data, holding the stolen data for ransom, and distributing stolen data when ransoms were not paid,” the judge added.
In January 2021, the US Department of Justice said that Desjardins allegedly acquired more than $27.6 million after multiple successful attacks and extortion attempts since April 2020, when he first started his new ransomware affiliate role.
“The Defendant admitted to investigators that over 1,200 Bitcoins related to his NetWalker malware activities passed through his e-wallet and were shared with his unindicted co-conspirators and the developer of the NetWalker ransomware,” the judge said on Monday. “As well, the Defendant admits that his entire ransomware activities involved over 2,000 Bitcoins. The [Royal Canadian Mounted Police] RCMP seized slightly less than 720 Bitcoins from the Defendant’s e-wallets and accounts.”
After searching his home, law enforcement also seized many devices containing approximately 20 TB worth of data.
NetWalker Ransomware
When the US first charged Desjardins last January, law enforcement from the USA and Bulgaria also seized dark websites associated with the NetWalker ransomware operation, including its Tor payment and data leak sites.
The seizure was the result of a joint investigation conducted by the FBI, the US DOJ, the Bulgarian National Investigation Service, and Bulgaria’s General Directorate Combating Organized Crime.
NetWalker was a Ransomware-as-a-Service (RaaS) operation that began in late 2019, recruiting cybercriminals to deploy the ransomware in return for a 60-75% share of all ransom payments.
This ransomware operation was extremely profitable for all the threat actors involved. An August 2020 report estimated that they collected $25 million from victims within five months alone.
Some of the victims NetWalker has targeted over the past few years include the Enel Group, Equinix, the University of California San Francisco (UCSF), the Argentinian immigration agency, and K-Electric.
However, NetWalker affiliates also targeted other private and public organizations in their attacks, including hospitals, law enforcement organizations, emergency services, municipalities, school districts, colleges, and universities.