NetWalker ransomware affiliate extradited to the US

A NetWalker affiliate who was sentenced in Canada last month to seven years in prison was extradited Wednesday to the US, where he will face multiple charges related to his alleged participation with the ransomware group, the US Department of Justice announced today.

Sebastien Vachon-Desjardins, a 34-year-old from Gatineau, Quebec, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. He made his initial federal court appearance today in Tampa, at the US District Court for the Middle District of Florida, according to the Justice Department.

Vachon-Desjardins was arrested by Canadian police in January 2021 as part of an international law enforcement campaign targeting NetWalker, which was one of the most active ransomware groups in 2020. The group had publicly linked itself to about 150 victim organizations, according to data collected by Recorded Future, but the group’s operations came to a complete standstill following the takedown.

$28 million seized

The arrest highlighted the staggering amount of money the ransomware group was able to bring in before it was shut down. Between May 2020 and January 2021, Vachon-Desjardins made more than 2,000 in Bitcoin — worth nearly $79 million today — from ransom demands, according to the Canadian judge overseeing his trial there.

The suspect kept 1,200 Bitcoin, and paid the rest to the ransomware creators. Canadian authorities, following a tip from the FBI, seized less than 720 Bitcoin — about $28 million — as well as hundreds of thousands of dollars in cash.

According to the original US indictment, Vachon-Desjardins will be required to forfeit at least $27 million to the federal government if convicted. It was not made clear from the Justice Department’s statement how it would work with the Canadian authorities who originally seized the funds.

“As exemplified by the seizure of cryptocurrency by our Canadian partners, we will use all legally available avenues to pursue seizure and forfeiture of the alleged proceeds of ransomware, whether located domestically or abroad,” said Assistant Attorney General Kenneth Polite Jr. in a statement. “The department will not cease to pursue and seize cryptocurrency ransoms, thereby thwarting the attempts of ransomware actors to evade law enforcement through the use of virtual currency.”