A former Canadian government worker has pleaded guilty to charges of working for a ransomware gang that realized more than $50 million.
Sebastien Vachon-Desjardins has entered into an agreement with U.S. federal prosecutors to plead guilty to charges of being part of a prolific ransomware gang.
According to reports, the gang operating under the name NetWalker had scored $46 million from victims since 2020.
In March, Vachon-Desjardins was extradited to Florida from Canada after his arrest by law enforcement agencies. They confiscated $28 million worth of bitcoin, but the full extent of his involvement remains uncertain.
Canadian hacker faces 40 years in jail
The deal struck with prosecutors is still subject to approval by the courts, but Vachon-Desjardins still faces up to 40 years in prison. The deal includes a provision to fully cooperate with the prosecutors in exchange for a lesser sentence.
Vachon-Desjardins worked with the Canadian Public Services and Procurement department with a focus on real estate.
The feared NetWalkers
According to a Chainalysis report, NetWalkers are among the most prolific ransomware gangs operating in the last couple of years. The gang's modus operandi involved targeting U.S. hospitals in the heat of the COVID-19 pandemic, but it has also diversified to institutions of learning.
To broaden the scope of operations, NetWalker reportedly rents its malware to smaller gangs in exchange for a percentage of the proceeds, an arrangement known as ransomware-as-a-service.
Other gang members are at large, but Vachon-Desjardins’ testimony could be instrumental in bringing them to book.
A rare kind of case
Ransomware groups usually operate from outside the shores of the U.S., making it difficult for security agencies to apprehend perpetrators. The case of Vachon-Desjardins is a rarity in the industry because of the legal hurdles associated with extraditions.
The U.S. suffered the Colonial Pipeline hack that led to $4.4 million being paid as ransom to the attackers. The Department of Justice recovered $2.3 million of the amount, with Eastern Europe-based DarkSide believed to be responsible for the attack.