Department of Justice leads international effort to disrupt 'NetWalker' ransomware

The U.S. Department of Justice, the Bulgarian National Investigation Service, and the Bulgarian General Directorate Combating Organized Crime have worked together to disrupt "a sophisticated form of ransomware" called NetWalker, according to a DOJ statement on Wednesday. 

According to the statement, NetWalker operates under a so-called ransomware-as-a-service model that features developers and "affiliates." NetWalker ransomware attacks have victimized universities, companies, municipalities, hospitals, and even healthcare sectors operating during the COVID-19 pandemic, according to the DOJ.

The new law enforcement actions include charges against Canadian national Sebastien Vachon-Desjardins, who is alleged to have obtained $27.6 million via ransomware attacks using NetWalker. Officials also seized more than $450,000 in cryptocurrency that had been paid by victims of three separate attacks. And authorities in Bulgaria seized a "dark web hidden resource" used by NetWalker ransomware affiliates.

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas L. McQuaid in the statement.

According to the blockchain analytics firm Chainalysis, ransomware attacks grew 311% in 2020, reaching an estimated $350 million in cryptocurrency.