A former Canadian government employee has pleaded guilty in a US court to several charges related to his involvement with the NetWalker ransomware gang.
On Tuesday, 34-year-old Sebastien Vachon-Desjardins admitted he conspired to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer.
He will also forfeit $21.5 million and 21 laptops, mobile phones, gaming consoles, and other devices, according to his plea agreement [PDF], which described Vachon-Desjardins as “one of the most prolific NetWalker Ransomware affiliates” responsible for extorting said millions of dollars from dozens of companies worldwide.
Vachon-Desjardins, who faces up to 40 years behind bars, said he would “cooperate fully with the United States” as American prosecutors work to bring others involved in the ransomware crew to justice. This includes testifying against his former NetWalker affiliates.
If this cooperation qualifies as “substantial assistance,” then Vachon-Desjardins may get off with a lighter sentence.
In January 2021, the US Dept of Justice said it launched a coordinated international sting operation to disrupt NetWalker. At the time, security shop Chainalysis estimated the ransomware code, which is offered as-a-service for criminals to rent, extorted at least $46 million from some 305 victims across 27 different countries, including 203 in the US.
As part of the NetWalker takedown, the Feds seized about $454,530 in cryptocurrency in ransom payments, disabled the crime rings’ servers and dark-web blog it used to communicate with ransomware victims, and also arrested Vachons-Desjardins, who, according to the FBI, raked in $27 million for the NetWalker gang.
In February, a Canadian judge sentenced him to six years and eight months in prison after hge pleaded guilty to five criminal charges in Ontario’s Court of Justice.
And a month later, he was extradited to the US to face charges related to his involvement with the crime ring.
Vachons-Desjardins’ plea agreement identified “victim 1” as a company located in Tampa, Florida, and detailed how, around April 20, 2020, he breached that organization’s network security, encrypted files and deployed ransomware before dropping a ransom note indicating that the organization had been compromised by NetWalker.
The note demanded victim 1 pay $300,000 in Bitcoin, and while the organization didn’t pay the criminals, it ended up spending about $1.2 million to respond to the attack and restore its operations, according to the court documents.
Other victims did pay, however, and the plea deal tied Vachons-Desjardins to the successful extortion of about 1,864 Bitcoin in ransoms, or about $21.5 million, from dozens of companies globally. ®