top of page

20-year jail sentence for NetWalker hacker for ransomware attacks

An American court convicted a Canadian man who participated in ransomware attacks on hospitals, corporations, and government institutions to 20 years in jail and ordered him to surrender the $21.5 million that American investigators claim he collected from his numerous victims.

According to the Department of Justice, Sebastien Vachon-Desjardins, a Quebec resident, collaborated with an international cybercrime gang that started using NetWalker ransomware in 2019 to encrypt vital computer systems of hospitals and other health organizations, businesses, universities, and government agencies throughout the United States, Europe, and Asia Pacific until ransoms were paid (DOJ).

The Middle District of Florida U.S. District Court issued an indictment against Vachon-Desjardins in December 2020 for his participation in a ransomware attack and extortion of an undisclosed corporation in Tampa, Florida, in May 2020. He entered pleas of guilty to one count each of conveying a demand with the aim to harm a protected computer, conspiracy to commit computer fraud, conspiracy to commit wire fraud, and intentional damage to a protected computer.

Previously, Vachon-Desjardins worked for the Canadian government as an IT professional.

Upon a search of his residence during his arrest in January 2021, 719 bitcoin worth $21.8 million were discovered. The DOJ said that he had extracted at least that much money from his victims.

In a news statement issued on Tuesday, Assistant Attorney General Kenneth Polite Jr. of the DOJ's Criminal Division stated that the defendant "identified and attacked high-value ransomware victims and profited from the chaos caused by encrypting and stealing the victims' data."

The Federal Bureau of Investigation (FBI) stated in a July 2020 cybersecurity alert that NetWalker gained widespread attention as a security issue in March 2020 when it infiltrated an Australian transportation and logistics firm and a U.S. public health organization. According to the FBI, the ransomware frequently obtains access to computers by taking advantage of outdated virtual private network hardware or weak passwords.

Infecting health organizations in Maryland, Illinois, Pennsylvania, and California by September 2020, the ransomware had stolen at least $30 million from its victims. According to a cybersecurity report from the Department of Health and Human Services, the University of California San Francisco paid a ransom of more than $1 million (HHS).

During the height of the COVID-19 epidemic, the assaults forced the closure of medical institutions and led to the compromise and sale of patient personal information, according to HHS. According to HHS, the malware speaks Russian but prevents machines in Russia from becoming infected.

After Vachon-Desjardins was detained, the DOJ declared that an organized, global operation to bring down NetWalker had been launched.



bottom of page