Canadian Man Sebastien Vachon-Desjardins Grossed $21.5 Million From Cyber Extortion
A Canadian man faces a two decade sentence in U.S. prison for acting as an affiliate of the NetWalker ransomware-as-a-service gang.
Sebastien Vachon-Desjardins, 35, grossed $21.5 million during his time spent working with the Russia-based developers behind the extortion malware, which is also known as Mailto.
He earlier pleaded guilty in U.S. District Court for the Middle District of Florida to four felonies including conspiracy to commit wire fraud and violations of U.S. hacking law. His sentencing includes forfeiture of the stolen money. Prosecutors say he began his crime spree in April 2020.
Judge William F. Jung said the sentence should be a warning to ransomware hackers. “You have one of the worst cases I’ve ever seen,” Jung said, reported the Tampa Bay Times. “This is Jesse James meets the 21st century.”
Netwalker affiliates significantly ramped up targeting of the healthcare sector during the novel coronavirus pandemic, attacking health service providers in multiple states and the University of California San Francisco’s school of medicine. The FBI in a 2020 alert warned that affiliates were using COVID-themed emails containing an attachment with malicious Visual Basic Scripting code embedded into it.
“The defendant in this case used sophisticated technological means to exploit hundreds of victims in numerous countries at the height of an international health crisis,” said U.S. Attorney Roger B. Handberg in a statement.
Vachon-Desjardins formerly worked as an IT consultant with the Canadian government. Canada extradited him to the United States in March after a Canadian court handed him down a 7 year prison term.
Among Vachon-Desjardins’s victims was an unnamed Tampa-based company from which Vachon-Desjardins demanded $300,000 in bitcoin. Prosecutors say the company refused to pay, instead spending $1.2 million to restore operations.
Canadian authorities say they identified 17 domestic companies targeted by Vachon-Desjardins. A Jan. 27, 2021 raid on his Quebec home by Royal Canadian Mounted Police found 719 Bitcoin and $790,000 in Canadian currency.
Federal prosecutors identified the Canadian as an affiliate after working with Bulgarian authorities to seize the backend servers used to communicate with victims and obtain payments (see: Another Takedown: Netwalker Ransomware Gang Disrupted). The server revealed a network of about 100 affiliates who collectively extorted $40 million worth of cryptocurrency. NetWalker is thought to have first become active in fall 2019 and to have adopted the ransomware-as-a-service model in spring 2020.