NetWalker ransomware operator extradited to the US, over $28M in bitcoin seized

A former Canadian government employee accused of carrying out dozens of ransomware attacks has been extradited to the United States, with more than $28 million in bitcoin seized in connection with the case.

Sebastien Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, according to his LinkedIn profile, was extradited to the U.S. on Wednesday, where he will face multiple charges related to his alleged participation in the NetWalker ransomware group, the U.S. Justice Department announced this week.

NetWalker, also known as “Mailto,” is a prolific ransomware-as-a-service (RaaS) operation that enlists affiliates to deploy ransomware in return for a share of the ransom payment. The group first surfaced in 2019 and has since been linked to several high-profile attacks. In June 2020, the group targeted the University of California San Francisco, which paid a ransom of more than $1 million. Three months later, NetWalker hit cyber threat startup Cygilant.

The RaaS operation also targeted Argentina’s immigration agency, Pakistan’s largest private power utility and, during the height of the COVID-19 pandemic, a number of hospitals and law enforcement agencies. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled in $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.

Vachon-Desjardins was arrested by Canadian police in January 2021 as part of an international law enforcement campaign targeting the NetWalker ransomware group. During a search of his home in Quebec, officers found 719 bitcoin, valued at approximately $28.1 million at the time of writing, and $790,000 in Canadian currency. Authorities in the U.S. and Belgium also seized the dark web site used by NetWalker to publish data stolen from victims.

At the time, Vachon-Desjardins was sentenced in a Canadian court to seven years in prison after pleading guilty to five charges related to the theft of computer data, extortion, the payment of cryptocurrency ransoms and participating in the activities of a criminal organization.

With Vachon-Desjardins now in the U.S., he faces further charges that accuse him of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.

If convicted, he may be required to forfeit more than $27 million for his involvement with the NetWalker ransomware gang.

“As exemplified by the seizure of cryptocurrency by our Canadian partners, we will use all legally available avenues to pursue seizure and forfeiture of the alleged proceeds of ransomware, whether located domestically or abroad,” said assistant attorney general Kenneth Polite Jr. “The department will not cease to pursue and seize cryptocurrency ransoms, thereby thwarting the attempts of ransomware actors to evade law enforcement through the use of virtual currency.”

News of Vachon-Desjardins’ extradition comes just days after a member of the REvil ransomware group was arrested and extradited to Texas to face U.S. charges for his alleged involvement in the Kaseya hack.