Netwalker Ransomware Taken Down By US and Bulgaria
The Florida US Attorney’s office and DOJ and Bulgarian Interpol have taken down the Netwalker Ransomware group by seizing the site control and command. Netwalker uses the affiliate model by selling ransomware as a service which are used by independents. It is not known yet if their decryption keys were able to be obtained. This is an evolving story.
"According to the affidavit, once a victim’s computer network is compromised and data is encrypted, actors that deploy NetWalker deliver a file, or ransom note, to the victim. Using Tor, a computer network designed to facilitate anonymous communication over the internet, the victim is then provided with the amount of ransom demanded and instructions for payment.
Actors that deploy NetWalker commonly gain unauthorized access to a victim’s computer network days or weeks prior to the delivery of the ransom note. During this time, they surreptitiously elevate their privileges within the network while spreading the ransomware from workstation to workstation. They then send the ransom note only once they are satisfied that they have sufficiently infiltrated the victim’s network to extort payment, according to the affidavit.
According to an indictment unsealed today, Sebastien Vachon-Desjardins of Gatineau, a Canadian national, was charged in the Middle District of Florida. Vachon-Desjardins is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment.
The Justice Department further announced that on Jan. 10, law enforcement seized approximately $454,530.19 in cryptocurrency, which was comprised of ransom payments made by victims of three separate NetWalker ransomware attacks.
This week, authorities in Bulgaria also seized a dark web hidden resource used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims. Visitors to the resource will now find a seizure banner that notifies them that it has been seized by law enforcement authorities.
The investigation was led by the FBI’s Tampa field office.
Trial Attorneys S. Riane Harper and Brian Mund of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Carlton C. Gammons and Suzanne Nebesky of the U.S. Attorney’s Office for the Middle District of Florida are prosecuting the case against Vachon-Desjardins.
Substantial assistance was provided by the Department of Justice’s Office of International Affairs. Additionally, the Bulgarian National Investigation Service and General Directorate Combating Organized Crime provided substantial assistance in the seizure of the dark web hidden resource.
An indictment is merely an allegation. A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law."