NetWalker ransomware gang affiliate pleads guilty and receives 7-year sentence

Sebastien Vachon-Desjardins, affiliated with the Netwalker ransomware gang has been condemned to seven years in prison for his involvement in the group after pleading guilty in an Ontario court on January 31.

Court documents released on February 1 revealed that Vachon-Desjardins had pleaded guilty to five counts related to “theft of computer data, extortion, payment of ransoms in cryptocurrency and participation in the activities of a criminal organization”.

In addition to the seven-year sentence, Vachon-Desjardins agreed to partial restitution, forfeiture of seized property and a DNA order. Court documents say Vachon-Desjardins was involved in 17 ransomware attacks that caused at least $2.8 million in damages in Canada.

“In August 2020, the Royal Canadian Mounted Police (“RCMP”) received information from the US Federal Bureau of Investigation (“FBI”) regarding a NetWalker ransomware subsidiary operating in Gatineau, Quebec. The FBI informed the RCMP that their suspect was responsible for ransomware attacks in multiple countries, and he was suspected of receiving more than US$15,000,000.00 in ransom payments,” Ontario Court Judge G. Paul Renwick wrote, adding that he had been told that the data entered at Vachon-Desjardins would fill an entire hockey arena so printed.

“Ultimately, based on Internet Protocol addresses, data collected in US investigations of various Apple, Google, Microsoft and Mega.nz accounts, aliases, email addresses and personal information revealed on the social media, the defendant has been identified by Canadian authorities.”

In January, Florida police stopped the Canadian citizen in connection with several attacks by the Netwalker ransomware group. The DOJ claimed that Vachon-Desjardins managed to earn approximately $27.6 million through several ransomware attacks against Canadian organizations like the Northwest Territories Power Corporation, the College of Nurses of Ontario, and a Canadian Tire store in Columbia. British.

One of the biggest issues facing Vachon-Desjardins is when he will be sent to the United States to face his charges there. He was to be sent to the United States, but his release was delayed because he had other drug trafficking charges pending in Quebec. The ruling says Vachon-Desjardins’ sentence can start running now and will continue to run during and after his charges are resolved in the United States.

The sentence will also run concurrently with the 54-month sentence he received for drug trafficking offenses in Quebec.

The judge’s ruling explained that Vachon-Desjardins was a prolific member of the Netwalker ransomware group and even sent the group’s leaders 224 Bitcoins to invest in “the next generation of malicious code that could be used.”

“Defendant even enhanced the ransom messages used by NetWalker affiliates and eventually convinced the creator of NetWalker to use ‘mixing services’ to conceal the ransom funds paid in Bitcoin,” Renwick said.

“Defendant admitted to investigators that over 1,200 Bitcoin related to his NetWalker malware activities passed through his e-wallet and was shared with his unindicted co-conspirators and ransomware developer NetWalker. admits that all his ransomware activity involved more than 2000 Bitcoins.”

Canadian authorities were only able to seize less than 720 Bitcoins from Vachon-Desjardins’ e-wallets and accounts, as he managed to turn the stolen funds into Canadian dollars. In some cases, he received bags of money ranging from $100,000 to $150,000.

When arrested in January 2021, Vachon-Desjardins had approximately $640,000 in cash and $421,000 in his bank account.

“Defendant was not an insignificant player in these and other offenses; he played a dominant, almost exclusive, role in these offenses and he assisted NetWalker and other affiliates by enhancing their ability to extort their victims and hide their profits,” Renwick explained.

“The defendant has a criminal record unrelated to drug trafficking and he was sentenced to 3.5 years imprisonment in 2015 and 4.5 years imprisonment, last week; during the commission of these offenses , the defendant was awaiting the disposition of some of his outstanding charges in Quebec.”

An odd aspect of the report was Renwick’s preoccupation with Vachon-Desjardins’ physical appearance. He called Vachon-Desjardins “handsome, presentable, and immediately likeable”.

Vachon-Desjardins will have to compensate some of the victims affected by its attacks. He will have to pay nearly $1 million to Cégep Saint-Félicien, $725,000 to the Elite Group, more than $700,000 to Entreprise Robert Thibert and Travelers Ins. Co. of Canada as well as $206,737 to the City of Montmagny. Windward Software Systems Inc. will receive $91,966.02 and Endoceutics Inc. will receive $72,503.43.

The funds will be taken from the cryptocurrency that was seized during the searches at his home.

Canadian ransomware expert Brett Callow said people often assume ransomware actors are based in Russia or CIS countries, but this case demonstrates that they may be much closer to home.

“Which is not surprising. Ransomware is a multi-billion dollar industry. North America has talent, criminals and talented criminals. It makes sense that they are lacking in action, especially since cybercriminals operate with impunity,” said Callow, who works as a threat analyst at cybersecurity firm Emsisoft.

“Or, at least they did. That’s starting to change and arrests like this will inevitably make some people wonder if they should go out while things are going well.”

Comments are closed.