The United States Department of Justice has launched a global law enforcement action against a cyber-criminal gang that has made millions by selling ransomware-as-a-service (RaaS).
A coordinated international law enforcement action to disrupt NetWalker was announced by the Department yesterday.
NetWalker ransomware has claimed numerous victims, including companies, municipalities, hospitals, law enforcement departments, emergency services, school districts, colleges, and universities. In June last year, the University of California San Francisco admitted paying $1.14m to recover important academic work stored on some of its School of Medicine servers that had been encrypted by NetWalker.
“This action reflects the resolve of the US Attorney’s Office for the Middle District of Florida to target and disrupt sophisticated, international cybercrime schemes,” said US Attorney Maria Chapa Lopez for the Middle District of Florida.
“While these individuals believe they operate anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the full extent of the law and seize their criminal proceeds.”
According to court documents, NetWalker operates a RaaS model featuring “developers” and “affiliates” who split ransom payments made by victims.
While developers are responsible for creating and updating the ransomware and making it available to affiliates, affiliates are tasked with identifying and attacking high-value victims with the malware.
The NetWalker action includes charges against Canadian national Sebastien Vachon-Desjardins of Gatineau, Ottawa, in relation to ransomware attacks that allegedly netted NetWalker at least $27.6m.
The action also includes the January 10 seizure of over $454k in crypto-currency from ransom payments made by victims of three separate NetWalker attacks, and the disablement by Bulgarian authorities of a hidden resource on the dark web that NetWalker used to communicate with their victims. Visitors to the resource will now be greeted with a seizure notice.
“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas McQuaid of the Justice Department’s Criminal Division.
“Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”