Dark-Web Website Connected With The Netwalker Ransomware, Seized By Authorities
Authorities from the US and Bulgaria recently seized a dark web website which was utilized by the cybercrime group behind the Netwalker ransomware to distribute and sell the stolen/breached data. Nicholas L. McQuaid, the Acting Assistant Attorney General at the Criminal division of the Justice Department explained that “ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”
He also stated that “we are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims.”
Sebastien Vachon-Desjardins, who lives in the Gatineau city of Canada, was charged, against extortion of $27.6 million ransom payments in the form of cryptocurrency, in the state of Florida. The Department of Justice in a post said, “substantial assistance was provided by the Department of Justice’s Office of International Affairs. Additionally, the Bulgarian National Investigation Service and General Directorate Combating Organized Crime provided substantial assistance in the seizure of the dark web hidden resource. Authorities in Bulgaria also seized a dark web hidden resource used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims. Visitors to the resource will now find a seizure banner that notifies them that it has been seized by law enforcement authorities.”
Since the site has been taken down, if accessed, it displays a notification that explains that the website has been seized by the law enforcement agencies. In a blog by Chainalysis on this topic, explained that “Chainalysis has traced more than $46 million worth of funds in NetWalker ransoms since it first came on the scene in August 2019. It picked up steam in mid-2020, growing the average ransom to $65,000 last year, up from $18,800 in 2019.”
The Department of Justice also notifies that “NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”
Prior to the takedown, the NetWalker overseer, who known by the name Bugatti, on darknet discussions, posted a notice in May 2020 searching for extra Russian-talking associates as a feature of a change to a ransomware-as-a-service (RaaS) model, utilizing the accomplices to sacrifice targets and take information prior to encoding the documents.
The NetWalker administrators have likewise been an essential part for a developing ransomware pattern called Double Extortion, in which the assailants hold the breached information and threaten the victim to distribute the data publicly in hope that the victim will pay the ransom. Once the casualty pays the ransom, it is divided equally between the developers and associates, the U.S. Division of Justice explained.
Researchers from Chainalysis believe that not only being involved in 91 cyberattacks utilizing Netwalker, Sebastien Vachon-Desjardins also worked for other operators of ransomware-as-a-service as an associate, including operators like Suncrypt, Sodinokibi and Ragnarlocker.
The takedown of the NetWalker ransomware linked website was revealed on the same day when the European specialists declared a planned takedown focusing on the Emotet network of crimeware-as-a-service. This botnet has been utilized by a number of cybercrime teams to convey second-stage malware, most eminently TrickBot and Ryuk.
“It’s important that cryptocurrency exchanges and government agencies continue to work together to prevent ransomware actors from cashing out their ill-gotten gains,” Chainalysis researchers concluded.