NetWalker ransomware affiliate sentenced to seven years in prison
Image: Emiliano Bar, The Record
Catalin Cimpanu February 7, 2022

NetWalker ransomware affiliate sentenced to seven years in prison

NetWalker ransomware affiliate sentenced to seven years in prison

A Canadian man who worked as an “affiliate” for the NetWalker ransomware gang was sentenced last week to seven years in prison for his crimes.

The suspect, Sebastien Vachon-Desjardins, pleaded guilty in front of a judge after he was arrested by Canadian police in January 2021 as part of an international law enforcement crackdown against NetWalker, one of the most active ransomware operations at the time.

In a court document released on Monday, the judge said Vachon-Desjardins “pleaded guilty at the earliest possible point in time” and spared authorities years of investigation into his crimes and collaboration with the NetWalker gang.

This collaboration involved breaching companies and deploying ransomware but also training other criminals on how to carry out attacks.

Suspect made 2,000 BTC from ransomware attacks

The judge said that during a period of nine months between May 2020 and January 2021, Vachon-Desjardins breached companies all over the world and made more than 2,000 Bitcoin from his attacks and subsequent ransom demands.

Of these, the suspect kept 1,200 Bitcoin, while the rest was forwarded to the creators of the NetWalker ransomware.

When Canadian searched his home following a tip from the FBI, they seized less than 720 Bitcoins of these along with “bags of money ranging from CAD$100,000 to CAD$150,000” that came from laundering previous Bitcoin funds.

In total, authorities said they seized CAD$640,040 in cash and another CAD$420,941 from his bank accounts. Together with the Bitcoin funds, authorities said the suspect made more than CAD$30 million from his ransomware activity.

In addition to money, the judge said investigators also found more than 20 Tb of data on his devices that he stole from the hacked organizations, before deploying the ransomware.

“I was told that the data seized from the Defendant, if printed, would fill an entire hockey arena,” Justice G. Paul Renwick said in the sentencing document.

Eight victims to receive restitution

While Vachon-Desjardins caused damage to companies worldwide, he was charged for his crimes in Canada, where he infected 17 victims and caused losses of at least CAD$2.8 million.

Of these, the judge ordered restitutions be paid to eight victims, including:

  • Cegep St. Felicien – $999,239;
  • Elite Group (Continental Casualty Company) – $725,963.52;
  • Endoceutics Inc. – $72,503.43;
  • Enterprise Robert Thibert Inc. – $289,472.00;
  • Travelers Ins. Co. of Canada – $417,449.00;
  • Robson Carpenter LLP – $2,500;
  • Ville de Montmagny – $206,737;
  • Windward Software Systems Inc. – $91,966.02.

While the suspect was detained at the request of US officials, he was trialed in Canada because Vachon-Desjardins was already under investigation in a drug trafficking case.

Just a week before his sentencing for the ransomware charges, Vachon-Desjardins was also sentenced to 4.5 years in prison in that case. That marked his second drug trafficking conviction after receiving 3.5 years imprisonment in a 2015 case.

Prior to his involvement with the NetWalker gang, the suspect also worked in the IT field for the Canadian government for over four years.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.