US authorities disrupt $46M ransomware NetWalker

Authorities in the United States have led a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker. The ransomware reportedly earned criminals over $46 million in less than two years.

NetWalker affected numerous victims since it came into the scene in August 2019. The U.S. Department of Justice claims that it targeted law enforcement agencies, companies, municipalities, colleges, universities, emergency services and more. During the COVID-19 pandemic, it targeted healthcare services, taking advantage of the health crisis to extort victims.

The DoJ’s action included pressing charges against a Canadian national who allegedly received millions of dollars in ransom. Sebastien Vachon-Desjardins was charged in Florida in connection with his role in the ransomware. He allegedly received $14 million at the time of payment which has appreciated to over $27 million as digital currency prices shot up in recent months.

In another action, the DoJ seized $454,530.19 worth of digital currencies earlier this year. It claimed the money was the proceeds of ransom payments from NetWalker victims.

Elsewhere, Bulgarian authorities also seized a dark web hidden resource that NetWalker attackers used to provide payment instructions to their victims.

Blockchain analytics firm Chainalysis revealed in a blog post that law enforcement agencies used its tools to crack down on NetWalker attackers. According to Chainalysis, NetWalker was one of the ransomwares that received the most ransom in 2020.

Chart

The blog post stated, “Chainalysis has traced more than $46 million worth of funds in NetWalker ransoms since it first came on the scene in August 2019. It picked up steam in mid-2020, growing the average ransom to $65,000 last year, up from $18,800 in 2019.”

NetWalker affected at least 305 victims from 27 different countries, as per the New York-based firm. The U.S. had the most victims, accounting for 66% of the attacks, with 203 victims. France with 22, Canada with 19 and the U.K. with 11 were the other notable countries on the list.

NetWalker operated in a Ransomware-as-a-service (RaaS) model, the DoJ indicated. This model featured developers and affiliates. The former created and updated the ransomware while the latter identified and attacked their victims. The two groups would then share the ransom.

Acting Assistant Attorney General Nicholas McQuaid commented, “We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims.”

The report comes just days after Chainalysis revealed that ransomware attacks increased by 311% in 2020. This was despite a drastic drop in other types of digital currency related crime.

See also: CoinGeek Live presentation, Blockchain Intelligence: Analytics, Forensics & Compliance Tools for Bitcoin SV

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]