Canadian Cybercriminal Pleads Guilty to “NetWalker” Attacks in US

upnorth

Moderator
Thread author
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
5,001
If you’re a Naked Security Pocast listener, you may remember, back in March 2022, that we spoke about a convicted cybercriminal from Canada by the name of Sebastien Vachon-Desjardins.

By all accounts, he was part of several so-called Ransomware-as-a-Service (RaaS) gangs, such as REvil and NetWalker, where the actual ransomware attackers act as “affiliates” for the core ransomware creators, in return for handing over an AppStore-like or Google Play-like 30% cut of every blackmail payment they extort. Simply put, the core gang members create the malware samples, run the darkweb servers that handle the “negotiations” with victims, and collect the extortion payments…while the affiliates handle breaking into victims’ networks, mapping them out, and lining up the final attack in which as many computers on the network as possible have their data scrambled at the same time. The “business theory”, if we can call it that, is that by taking 30% of every successful attack, the core criminals become extremely wealthy indeed, but keep a low profile away from the network-cracking limelight.

At the same time, by handing 70% to their “affiliates”, they encourage those co-conspirators to make each attack as debilitating as possible, potentially increasing the amount that victims can ultimately be squeezed into paying to get their business running again.
Vachon-Desjardins had been a federal government worker in the Canadian Capital Region (he comes from Gatineau in Quebec, directly across the river from the federal capital Ottawa in Ontario). He seems to have decided that joining the cybercrime underworld would be much more lucrative than his government job, and it seems that did indeed rack up a small fortune in illegal earnings…until he was identified, arrested and prosecuted in Canada. After being sentenced to nearly seven years in a Canadian prison, he was then extradited to Tampa, Florida in the US, to face four federal charges there:
  • Conspiracy to Commit Computer Fraud
  • Conspiracy to Commit Wire Fraud
  • Intentional Damage to a Protected Computer
  • Transmitting a Demand in Relation to Damaging a Protected Computer
The choice of Tampa for his trial was because a known victim of one of his “NetWalker” ransomware attacks is based there. Vachon-Desjardins has now pleaded guilty to all four charges
The wire fraud offence alone carries a maximum sentence of 20 years, but we’re assuming that the court will impose a lighter sentence on account of the plea deal being signed. The plea agreement makes it clear that “[the] defendant is pleading guilty because [he] is in fact guilty.” And part of the deal includes that the “defendant agrees to cooperate fully with the United States in the investigation and prosecution of other persons, […including] a full and complete disclosure of all relevant information, including production of any and all books, papers, documents, and other objects in defendant’s possession or control.”

In other words, Vachon-Desjardins is now expected to spill the beans, and rat out his former chums in the ransomware scene.