Global Law Enforcement Action Interferes with NetWalker Ransomware Activities

The U.S. Department of Justice (DOJ) announced the seizure of a dark web site used by the NetWalker ransomware gang, in connection with a worldwide action to disrupt the gang's operations and bring to justice the people behind the ransomware extortion attacks.

The action was coordinated with the Computer Crime and Intellectual Property Section of the Department of Justice and the United States Attorney’s Office for the Middle District of Florida, with considerable support given by the Bulgarian National Investigation Service and General Directorate Combatting Organized Crime.

The NetWalker ransomware gang is a ransomware-as-a-service (RaaS) operation that hires affiliates to distribute ransomware in exchange for a percentage of the ransom payments. The NetWalker gang began operating at the end of 2019. Since that time, the gang has become popular among affiliates, and many attacks have been carried out. In the first 5 months of operation, the gang earned ransom payments totaling about $25 million. The University of California San Francisco paid about $1.14 million to the gang to retrieve encrypted data in June 2020. The gang is believed to have already earned over $46 million.

The gang has attacked companies and organizations in various sectors including the healthcare industry, colleges, universities, emergency services, and municipalities.

The FBI’s Tampa Field Office led the investigation of the NetWalker ransomware operation. So far, only Sebastien Vachon-Desjardins of Gatineau, a Canadian national, has been arrested for his participation in extortion attacks as an affiliate of the NetWalker gang. The DOJ claims Vachon-Desjardins obtained over $27.6 million in ransom payments from April 2020. Vachon-Desjardins is presumed to be the affiliate behind 91 attacks in 8 months, and he received 80% of the ransom payments. A Chainalysis report also says that Vachon-Desjardins is believed to be involved with other RaaS operations.

The DOJ stated that it seized $454,530 in cryptocurrency paid by three ransomware attack victims. Bulgarian law enforcement officers seized control of a dark web site that NetWalker ransomware affiliates used for communicating with victims and giving directions on ransom payments. The website currently displays a notice saying it is under the control of authorities.

The ransomware developers remain at large, and only one affiliate has been arrested. However, the action disrupted the operation to some extent, and more arrests may be expected.

Ransomware victims should know that going to the authorities immediately after an attack could lead to significant results such as those achieved in today’s multi-faceted operation.