Netwalker ransomware affiliate agrees to plead guilty to hacking charges

Prolific Netwalker ransomware affiliate Sebastien Vachon-Desjardins agreed to plead guilty on Tuesday to several charges related to a hacking campaign against a company based in Florida. 

The 34-year-old Vachon-Desjardins, who previously was sentenced to seven years in prison by Canadian officials for other ransomware attacks, was extradited to the U.S. in March and has been held in a Tampa prison since then. 

According to a plea agreement filed on Tuesday, Vachon-Desjardins agreed to forfeit $21.5 million, about 27.65 BTC and dozens of seized devices. 

United States Attorney for the Middle District of Florida Roger Handberg said Vachon-Desjardins has agreed to plead guilty to four charges: Conspiracy to Commit Computer Fraud, Conspiracy to Commit Wire Fraud, Intentional Damage to a Protected Computer and Transmitting a Demand in Relation to Damaging a Protected Computer.

The charges carry a combined maximum prison sentence of 40 years, but the document made references to a potential deal where Vachon-Desjardins will face less years in exchange for cooperation.

The lawyers did not say which company was attacked but noted that it is based in Tampa and was attacked on May 1, 2020. 

Vachon-Desjardins sent the company a ransom note demanding $300,000 in bitcoin but the company did not pay, instead spending $1.2 million to recover from the incident. 

In the plea deal, and in a presentation at the RSA conference earlier this month, the Justice Department said it was able to gain access to the backend server of the NetWalker Tor Panel and the NetWalker Blog, giving them a view into the gang’s operations. 

The group had managed to extort victims for about 5,058 bitcoin — worth about $40 million based on the value of bitcoin at the time of each transaction.

"These records also tied Vachon Desjardins to the successful extortion of approximately 1,864 bitcoin in ransoms (an approximate total of $21 .5 million USD based on the value of bitcoin at the time of each transaction) from dozens of victim companies across the world, including Victim 1," the Justice Department explained.

Carlton Gammons – the lead prosecutor for the U.S. Attorney’s Office for the Middle District of Florida – said Vachon-Desjardins was working for the Canadian government as an IT employee while conducting ransomware attacks on behalf of NetWalker. 

The Justice Department coordinated with law enforcement in Canada and Bulgaria to not only arrest Vachon-Desjardins but take over the group’s servers on January 27, 2021. 

Royal Canadian Mounted Police arrested Vachon-Desjardins at his home in Quebec and found about half a million dollars in Canadian and U.S. currency in addition to about 719 Bitcoin.