28 January 2021

Law enforcement operation dismantles NetWalker ransomware’s dark web sites


As part of a coordinated effort, law enforcement from the US and Bulgaria have seized the dark web payment websites associated with the NetWalker ransomware operation. These sites were used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims.

NetWalker is a Ransomware-as-a-Service (RaaS) operation, active since late 2019. This cybercrime business model involves so-called “developers” and “affiliates”. Developers are responsible for creating and updating the ransomware and making it available to affiliates, who in turn use it to attack high-value victims. Once a ransom is paid, the funds are split among all parties involved.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities, and even the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims,” according to the US Department of Justice.

Law enforcement also seized around $454,530.19 in cryptocurrency, made up of ransom payments from victims of three separate NetWalker ransomware attacks.

The DoJ also announced the indictment of Sebastien Vachon-Desjardins of Gatineau, a Canadian national, in relation to NetWalker ransomware attacks in which tens of millions of dollars were allegedly obtained.

The indictment alleges that Vachon-Desjardins obtained at least over $27.6 million as a result of the illicit activities. He had been part of the operation since at least April 2020 and appears to be an affiliate rather than a member of the developer group.
