An ex-Canadian government employee pleaded guilty in Florida court earlier this week to charges of involvement with the NetWalker ransomware group.
Sebastien Vachon-Desjardins, 34, was accused of conspiracy to commit computer fraud and wire fraud, as well as intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer.
Vachon-Desjardins was extradited in March, following the launch of a US global action against the NetWalker cyber-criminal gang in January.
“Between May 2020 and January 2021, the defendant victimized 17 Canadian entities and others throughout the world by breaching private computer networks and systems, hi-jacking their data, holding the stolen data for ransom and distributing stolen data when ransoms were not paid,” Justice G.P. Renwick said in February.
For context, NetWalker has been active since 2019, with the group offering its malware to threat actors in a ransomware-as-a-service (RaaS) model.
According to a 2020 report by McAfee, NetWalker made $25m in a span of just five months in that year.
Court documents filed in a district court in Florida claimed the NetWalker group stole a total of 5058 bitcoin in illegal payments (about $40m at the time of the transaction).
Vachon-Desjardins was named “one of the most prolific NetWalker ransomware affiliates” and would be responsible for the extortion of about 1864 bitcoin.
“The Defendant excelled at what he did. Between 10-15 unknown individuals hired the Defendant to teach them his methods,” Renwick said.
“Some of these activities benefitted those interested in securing computer networks from these types of attacks. Some of the Defendant’s students were likely other cyber threat actors.”
Vachon-Desjardins has now agreed, as part of the plea deal, to forfeit all the digital assets held in his crypto wallet as well as various equipment he allegedly purchased using illegally obtained funds.
The Ontario Court of Justice sentenced Vachon-Desjardins to six years and eight months in prison.