US charges NetWalker ransomware affiliate, seizes ransom payments
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks.
Earlier today, BleepingComputer reported that law enforcement in the U.S. and Bulgaria seized Netwalker sites on the dark web used for leaking data from non-paying victims and for negotiating payments for data decryption.
Despite starting in late 2019, the Netwalker ransomware operation caused financial losses of tens of millions of US dollars.
Apart from seizing the dark web sites, the DOJ says that Canadian national Sebastien Vachon-Desjardins of Gatineau was charged in relation to Netwalker ransomware attacks.
On January 10, law enforcement was able to seize a little over $450,000 in cryptocurrency that represented ransom payments from three distinct Netwalker victims.
Incident responders from Crypsis, a Palo Alto Networks company, told BleepingComputer that in the case of three U.S. organizations, Netwalker asked for cryptocurrency worth $108,000 from a public entity, a little over $2 million from a utilities organization, and $1 million from a manufacturing business.