NetWalker ransomware investigation yields arrest, big cryptocurrency seizure

The NetWalker attackers have reportedly seen profits surge during the COVID-19 crisis.

In a coordinated, multi-part offensive against NetWalker ransomware attackers, law enforcement agencies announced Wednesday that they charged a Canadian national, seized nearly half a million dollars in cryptocurrency and disabled a dark web leak site.

The NetWalker attackers have been part of a growing ransomware trend where the hackers hold stolen data hostage, leak a sample of it and threaten to release the rest in order to incentivize victims into paying.

They’ve been gone after everyone from government agencies to hospitals to schools, and haven’t shied from exploiting the COVID-19 crisis. They’ve also sought to expand profits by offering their ransomware as a service to other cybercriminals, leading to reports of booming revenue in 2020.

The amount ransomware victims paid out increased by 311% in 2020, according to recent research by Chainalysis, a cryptocurrency tracking firm.


The charges against Sebastien Vachon-Desjardins, as well as the seizure of approximately $454,530.19 in cryptocurrency and a NetWalker leak site, come on the same day of another major coordinated law enforcement disruption against the Emotet botnet of infected computers.

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said acting Assistant Attorney General Nichola McQuaid of the Justice Department’s Criminal Division. 

DOJ worked with the FBI, U.S. Attorney’s Office for the Middle District of Florida and Bulgarian government agencies on the NetWalker disruption.

Vachon-Desjardins stands accused of obtaining at least $27.6 million, according to a summary of the indictment. The cryptocurrency amounts that law enforcement recovered are gains from payments by three separate victims, according to DOJ.

Correction, Jan. 27, 5:59pm ET: Due to an editing error, a prior version of this story incorrectly reported that the number of ransomware attacks increased by 311% over 2020. In fact, the amount ransomware victims reportedly paid to ransomware attackers increased by 311%. This story has been updated with the correct figure.

Latest Podcasts