NetWalker ransomware mastermind indicted in Florida
FBI also launches an international investigation into the NetWalker operation
The FBI has launched an international investigation into the NetWalker ransomware operation, and prosecutors have filed an indictment on a key figure in the operation.
Florida courts charged Gatineau, Quebec-based Sebastien Vachon-Desjardins on December 2 and unsealed the indictment this week. The indictment accuses Vachon-Desjardins of computer fraud, conspiracy to commit wire fraud, intentional damage to a connected computer, and transmitting a demand in relation to that damage.
According to the Department of Justice (DoJ), Vachon-Desjardins allegedly obtained over $27.6 million from his fraudulent actions. On January 10, law enforcement officials also seized $454,530.19 in cryptocurrency, which the DoJ said came from three NetWalker victims.
NetWalker operates under a ransomware-as-a-service model, in which the code's owner allows affiliates to use it. The affiliates then pay the owner a commission from any successful ransomware operations. The affidavit accuses Vachon-Desjardins of transmitting ransomware himself and helping others to do the same.
NetWalker's operation was efficient in collecting payment, resulting in a lower-than-average resolution time for payments and data recovery, according to Coveware, a ransomware mitigation company. Coveware also reported that all NetWalker decryptions were successful after victims paid.
RELATED RESOURCE
Ransomware protection with Veritas NetBackup Appliances
How to use Veritas NetBackup and NetBackup Appliances to protect against and recover from ransomware attacks
The ransomware operation's success was partly due to it using the Tor dark web protocol that automated victims’ payments. In a report detailing the NetWalker operation, McAfee noted the company switched from email communication with victims entirely to the Tor site in March 2020.
This week, Bulgarian police seized an online property NetWalker affiliates used to deliver those payment instructions and replaced it with a seizure banner notifying victims of the takedown.
Attacks targeted a wide array of organizations, ranging from health care operations already under pressure from the pandemic through to educational facilities and local governments, and the operation was lucrative. Coveware reports the average NetWalker ransom payment was $344,000 in Q4 2020. However, some payments have been far higher. In June 2020, the University of California paid NetWalker criminals $1.14 million to recover encrypted data.
NetWalker attacks, which were mounted via phishing emails or through vulnerable remote desktop protocol (RDP) ports, didn’t always end with decryption. In some cases, affiliates would also exfiltrate the data and then charge victims not to publish it in what has become known as a double-extortion attack. Coveware has said that roughly half of all ransomware attacks now use this method.
-
AI demand driving up Apple prices, says CookNews Tim Cook says that rising component costs mean consumers have to pay more
-
Kaseya unveils open AI platform as it shifts focus from acquisitions to integrationKaseya has detailed the next phase of its AI strategy, centred on an open platform designed to connect data across its portfolio, automate routine IT operations, and help MSPs deliver more value-added services
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
