International authorities disrupt NetWalker ransomware scheme

The DOJ says that earlier this week Bulgarian authorities seized a dark web site NetWalker affiliates use to tell victims how they can pay ransom. That site now displays a banner with a notice that it’s been seized by authorities. A Canadian national from Gatineau named Sebastien Vachon-Desjardins was also charged in a Florida court and is accused of obtaining over $27.6 million from NetWalker-related activities as an affiliate. Finally, on January 10th, authorities managed to get their hands on $454,530.19 worth of cryptocurrency, which is made up of payments made by three NetWalker victims.

That’s just a tiny fraction of the money that changed hands due to the ransomware, though. As KrebsOnSecurity notes, Chainalysis traced more than $46 million worth of funds in NetWalker ransoms since it first popped up back in August 2019. Acting Assistant Attorney General Nicholas L. McQuaid is encouraging victims to come forward as soon as possible after an attack, because that could lead to significant results. He said:

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims. Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”

The DOJ’s announcement came out on the same day Europol revealed that authorities in the US, Canada and several European countries have disrupted the infrastructure for Emotet. It’s known as one of the “most dangerous” botnets in the world, seeing as it’s good at evading antivirus tools and can be used to deliver ransomware and other malware.