NetWalker Ransomware Suspect Charged: Tor Site Seized
2021-01-27 21:08

UPDATE. Hot on the heels of the Emotet takedown announced Wednesday, the NetWalker ransomware has also been partially disrupted by an international police action.

The Department of Justice said Wednesday that it has brought charges "against a Canadian national in relation to NetWalker ransomware attacks," while also seizing around $454,500 in cryptocurrency from ransom payments made by three separate victims.

According to an analysis from Chainalysis, Vachon-Desjardins carried out 91 total ransomware attacks, using NetWalker and also acting as an affiliate for REvil and Ragnar Locker.

The NetWalker ransomware has impacted numerous types of victims since bursting on the scene in 2020, but it has made healthcare targets a particular focus, using the COVID-19 pandemic to better extort organizations.

In mid-2020, NetWalker authors notably transitioned to a ransomware-as-a-service model, where they rent the malware and surrounding services to affiliates who carry out the actual attacks.

The Bulgarian national police force has disabled "a Dark Web hidden resource used to communicate with NetWalker ransomware victims" and provide them with payment instructions. Researchers said the Tor node is also the group's leaks site, where it publishes stolen victim information if the target refuses to pay a ransom, a form of double extortion.


News URL

https://threatpost.com/netwalker-ransomware-suspect-charged/163405/