NetWalker ransomware affiliate sentenced to 20 years in prison

A former Canadian government employee has been sentenced to 20 years in prison for his role in a ransomware scheme that netted him more than $21 million.

Sebastien Vachon-Desjardins, a 34-year-old from Quebec, was sentenced in a Florida court on Tuesday after pleading guilty to charges related to his involvement in the prolific NetWalker ransomware-as-a-service (RaaS) operation. Vachon-Desjardins operated as an affiliate for NetWalker, where it is believed he conducted a number of U.S. companies and at least 17 Canadian entities.

Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, according to his LinkedIn profile, was previously arrested by Canadian police in January 2021 and sentenced to seven years in prison. During a search of his home, law enforcement officials discovered and seized 719 bitcoin, valued at about $17.6 million at the time of writing, and $790,000 in Canadian currency. Authorities in the U.S. and Belgium also seized the dark web site used by NetWalker to publish data stolen from victims.

In March, Vachon-Desjardins was extradited to the U.S. to face charges of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer.

Alongside a 20-year prison sentence — far higher than the 12-15 year prison term suggested by federal guidelines — the former NetWalker affiliate was also ordered to forfeit $21.5 million that was illicitly obtained from “dozens” of victims globally, including companies, municipalities, law enforcement, emergency services, school districts, colleges and universities. NetWalker also targeted numerous hospitals in the U.S. during the COVID-19 pandemic.

“The defendant in this case used sophisticated technological means to exploit hundreds of victims in numerous countries at the height of an international health crisis,” U.S. Attorney Roger B. Handberg for the Middle District of Florida said.

NetWalker, also known as “Mailto,” first surfaced in 2019 and has since been linked to several high-profile attacks. In June 2020, the group targeted the University of California San Francisco, which paid a ransom demand of more than $1 million. Three months later, NetWalker hit cyberthreat startup Cygilant. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.