Canadian Netwalker ransomware crook pleads guilty to million-dollar crimes

A Canadian who used the Netwalker ransomware to attack 17 organisations and had C$30m (US$23.6m) in cash and Bitcoin when police raided his house has been jailed for more than six years.

Sebastien Vachons-Desjardins of Gatineau, Ottawa, was sentenced to six years and eight months in prison earlier this month after pleading guilty to five criminal charges in Ontario’s Court of Justice.

“The Defendant excelled at what he did,” sniffed Justice Paul Renwick in a sentencing note published on Canadian court document repository CanLII. “Between 10-15 unknown individuals hired the Defendant to teach them his methods. Some of these activities benefitted those interested in securing computer networks from these types of attacks. Some of the Defendant’s students were likely other cyber threat actors.”

Vachons-Desjardins was arrested last year after the Federal Bureau of Investigation accused him of bringing in $27m for the Netwalker gang of which he was a part. The FBI said last year it had retrieved US$450k worth of cryptocurrency from three separate infections, while saying Bulgarian police had shut down a “dark web hidden resource” used by Netwalker.

In a 2020 analysis Sophos said Netwalker’s tools included “programs intended to capture Domain Administrator credentials from an enterprise network.”

“Some of the scripts and exploit tools were copied directly from Github repositories,” said Sophos, adding: “Several of the tools are freely available Windows utilities, such as Amplia Security’s Windows Credential Editor.”

Sentencing Vachons-Desjardins, the judge said: “The Defendant personally profited greatly from these offences; he earned the equivalent of over $600,000 in cash (seized by police), bank balances of over $400,000, and Bitcoin transfers to money spent estimated at $1,755,000, and the value of at least 944 Bitcoins (720 seized and 224 paid in the days leading up to the seizure to invest in NetWalker), worth over $30,000,000 when seized.”

The sentence was imposed for two counts of extortion, one count of participating in the activities of a criminal organisation, and one count of “mischief to data”. The newly convicted criminal still faces extradition and trial in the US.

His victims, who are all receiving five to six-figure sums in “restitution” ordered by the judge, included: Windward Software Systems (which makes an ERP suite); Cegep St Felicien, a Quebecois college; business insurance firm Continental Casualty Company; and custom car shop Enterprise Robert Thibert, among others.

Ransomware gangs are relatively rarely brought to trial, so Vachons-Desjardins’ guilty plea makes him an unusual suspect.

Ukrainian police have made a number of arrests over the past few months, while the US has, over the years, occasionally imprisoned foreign criminals who travelled to countries with American extradition treaties.

Even Russia, thought to be home to most ransomware criminals, seems to have got in on the act in recent weeks. Maybe a firmer approach to online crims is coming, but these are troubled times for geopolitical cooperation. ®