A woman types on her laptop in Miami in a Monday, Dec. 12, 2016, photo illustration. An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday. According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million. THE CANADIAN PRESS/AP/Wilfredo Lee

A woman types on her laptop in Miami in a Monday, Dec. 12, 2016, photo illustration. An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday. According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million. THE CANADIAN PRESS/AP/Wilfredo Lee

Canadian man charged in U.S. with NetWalker ransomware attacks

The ransomware, like similar malware, often infiltrates computer networks via phishing emails

An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday.

According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million.

The accused is alleged to be part of a shadowy group of cyber criminals who have attacked several targets in Canada, including the College of Nurses of Ontario, a Canadian Tire store in B.C., and the Northwest Territories Power Corporation.

“Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation,” Nicholas McQuaid, an acting assistant attorney general with the Justice Department, said in a statement.

U.S. authorities said they had seized about US$455,000 in cryptocurrency from ransom payments in three separate attacks. They also said authorities in Bulgaria had disabled a “dark web” resource used to communicate with NetWalker ransomware victims.

NetWalker operates as a so-called ransomware-as-a-service model, featuring “developers” and “affiliates,” who split the proceeds of any ransom paid. Experts say NetWalker attacks really took off last March as the criminals exploited fears of COVID-19 and people working remotely.

The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.

Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasingly, attackers also threaten to publish sensitive data stolen during the time spent inside an exploited network before encryption and detection.

Once a victim’s computer network is compromised and the data encrypted and downloaded, the NetWalker criminals demand money to return system access. If victims refuse, they might never regain their data or, more frequently now, the information is made public.

NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges and universities. Recent attacks have specifically targeted the health-care sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.

Brett Callow, a Vancouver Island-based threat analyst with cybersecurity firm, Emsisoft, said the group had made millions. In one case last year, they extorted $1.4 million from a California university.

Police urged any victims to contact law enforcement right away.

“This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable,” Special Agent Michael McPherson, with the FBI’s field office in Tampa, Fla., said.

Colin Perkel, The Canadian Press

hackers

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Ronald Schinners, owner of The Cabbie in the #YYJ, opened his taxi service in the West Shore last month. (Dawn Gibson/News Staff)
‘One man show,’ The Cabbie in the #YYJ cultivates 45,000 followers on Instagram

New taxi company brings unusual spunk to the West Shore

German Chancellor Angela Merkel has in the past warned of Öffnungsdiskusionorgien (translated as an orgy of discussions about openings), one of one of the 1,200 words added to the German lexicon as reported by the Leibniz Institute for the German Language. (Michael Kappeler/Pool via AP)
German lexicon grows by 1,200 words, many inspired by COVID-19 pandemic

Öffnungsdiskusionorgie (orgy of discussions about openings) among new entries

During a press event on March 6, Const. Alex Berube, media relations officer for the West Shore RCMP, addressed a deadly shooting that occurred in Metchosin the night before. (Devon Bidal/News Staff)
VIDEO: One man shot dead in ‘targeted incident’ on Sooke Road

Highway 14 reopens following multi-hour closure for investigation

Victoria man Brett Andersen is asking for people’s help to secure him one of eight free tickets to the moon. (Screenshot/@brettandersen Instagram)
Victoria man wants your help securing a free ticket to the moon

Japanese billionaire offering eight people a trip to the moon

The James C Richardson Pipe Band marches in a Remembrance Day parade on Nov. 11, 2019 in Chilliwack. Wednesday, March 10 is International Bagpipe Day. (Jenna Hauck/ Chilliwack Progress file)
Unofficial holidays: Here’s what people are celebrating for the week of March 7 to 13

International Bagpipe Day, Wash Your Nose Day and Kidney Day are all coming up this week

The Port Alice pulp mill has been dormant since 2015. (North Island Gazette file photo)
Parts recycled, life returning to inlet as as old Port Alice mill decommissioned

Bankruptcy company oversees de-risking the site, water treatment and environmental monitoring

The Conservation Officers Service is warning aquarium users after invasive and potentially destructive mussels were found in moss balls from a pet store. (BC Conservation Officers Service/Facebook)
Aquarium users in B.C. warned after invasive mussels found at pet store

Conservation officers were told the mussels were found in a moss ball from a Terrace pet store.

Hockey hall-of-fame legend Wayne Gretzky, right, watches the casket of his father, Walter Gretzky, as it is carried from the church during a funeral service in Brantford, Ont., Saturday, March 6, 2021. HE CANADIAN PRESS/Nathan Denette
Walter Gretzky remembered as a man with a ‘heart of gold’ at funeral

The famous hockey father died Thursday at age 82 after battling Parkinson’s disease

Donald Alan Sweet was once an all star CFL kicker who played for the Montreal Alouettes and Montreal Concordes over a 13-year career. Photo courtesy of Mission RCMP.
Ex-B.C. teacher who was CFL kicker charged with assault, sexual crimes against former students

Donald Sweet taught in Mission School District for 10 years, investigators seek further witnesses

(Black Press Media files)
Medicine gardens help Victoria’s Indigenous kids in care stay culturally connected

Traditional plants brought to the homes of Indigenous kids amid the COVID-19 pandemic

Personal protective equipment is seen in the COVID-19 intensive care unit at St. Paul’s hospital in downtown Vancouver. THE CANADIAN PRESS/Jonathan Hayward
$16.9 million invested to improve worker safety, strengthen B.C.’s food supply chain

Money to be used for social distancing, personal protective equipment, cleaning, and air circulation

More than ever before, as pandemic conditions persist, the threat of data breaches and cyberattacks continues to grow, according to SFU professor Michael Parent. (Pixabay photo)
SFU expert unveils 5 ways the COVID-19 pandemic has forever changed cybersecurity

Recognizing these changes is the first in a series of steps to mitigate them once the pandemic ends, and before the next: Michael Parent

Most Read