The United States Department of Justice (DOJ) reported the capture of Sebastien Vachon-Desjardins. The Canadian citizen is accused of having obtained at least 27.6 million dollars in bitcoin (BTC) for operating a NetWalker-type ransomware attack against a company located in Florida.
US prosecutors announced on Wednesday, January 27, that the FBI, along with the Bulgarian police, took down a darknet website that hackers used to extort money from their victims. Instead, a message now appears: “This hidden site has been seized by the FBI, as part of a coordinated police action against the ransomware NetWalker.” Some $450,000 worth of bitcoin was seized.
Blockchain research firm Chainalysis published a report on this ransomware in which it reveals that some 345 addresses were associated with Vachon-Desjardins. His accounts kept a record of transactions from February 2018 until the day of his arrest. During that time he received bitcoin equivalent to about USD 14 million, a loot that now has a value of 27 million dollars due to the increase in the price of the cryptocurrency.
The Canadian allegedly participated in at least 91 attacks using a business model known as ransomware-as-a-service (RaaS). Under this model, hackers design malicious software that they make available to third parties, who can buy it as a tool through different distribution models.
Ransomware for rent in exchange for bitcoin
In its document, the DOJ indicates that it is working to disrupt the criminal structure that operates the NetWalker ransomware. This type of attack relies on a sophisticated structure. Under the RaaS model, there are groups that provide others with the tools to hold files hostage in exchange for a rent or membership payment that is usually made in bitcoin, as the Chainalysis report shows.
The criminal structure involves an administrator or malware developer, an affiliate and two commissioners. Each obtains a percentage of the profits made with each attack. According to the report, an affiliate like Vachon-Desjardins is generally responsible for gaining access to the victim's network and deploying the malware. “There are cases where a wallet gets 100% of the payment, which we believe belongs to the NetWalker administrator and indicates that he or she may also be directly involved in some of the attacks.”
A ransomware attack is possible once the hacker gets illegal access to servers connected to companies, universities or health centers. After logging in, all processes and services are cut off, the files on the disk are encrypted and the backup copies stored on the same network are deleted. As a consequence, everything stored on the victim’s devices becomes inaccessible.
Later the attackers gain access to sensitive data, which they then use to blackmail their victims into paying a ransom in exchange for keeping their files private and not leaking them on the Internet. Screenshots of the stolen files, along with a bitcoin address, are revealed to the victim, who has a set time to pay the ransom; if they don’t, everything on their affected machines will be exposed.
According to the US authorities, NetWalker has impacted at least 305 victims from 27 different countries, including 203 in the US, 6 in Argentina and 2 in Spain. Chainalysis claims to have tracked over $46 million in NetWalker ransoms since it first entered the scene in August 2019. “No other category of cryptocurrency-based crime had a growth rate higher than ransomware in 2020,” says the firm.
In August last year, CriptoNoticias reported that a NetWalker-type attack hijacked files containing data from investigations on Covid-19 being carried out by the University of California at San Francisco. The institution was forced to pay 118 bitcoin (USD 1.39 million) to recover the documents.