U.S. Announces Charges, Cryptocurrency Seizure in NetWalker Investigation

The U.S. Department of Justice announced Wednesday that a coordinated international campaign targeting the NetWalker ransomware has resulted in the seizure of hundreds of thousands of dollars in cryptocurrency and criminal charges against a Canadian national.

The disclosure came hours after Europol announced a similar global law enforcement effort aimed at disrupting Emotet malware operations, which have spiked in recent months, according to federal cybersecurity officials.

NetWalker attacks steadily rose last year, and targeted a wide range of organizations including schools, municipalities, and at least eight hospitals, according to Allan Liska, a ransomware specialist at Recorded Future. The ransomware-as-a-service operation is part of a growing movement where attackers steal and leak data to pressure victims into paying a demand.

"It remains to be seen whether the indictment will be enough to slow down NetWalker activity, though indictments have been enough to stop attacks from other ransomware actors, such as those behind the SamSam campaign," said Liska. "Overall, this is a good development. We, as a society, need to find more effective ways to disrupt and make it more expensive to carry out ransomware campaigns."

The DoJ announced several key developments Wednesday:

— A newly-unsealed indictment against Sebastien Vachon-Desjardins of Gatineau, Canada, who is alleged to have obtained at least over $27.6 million.

— Authorities in Bulgaria this week seized a hidden site used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims.

— On January 10, law enforcement officials seized more than $450,000 in cryptocurrency that was used as ransom payments in three separate NetWalker incidents.

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas McQuaid of the DoJ's Criminal Division.  “Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”

You can read the indictment here: