A woman types on her laptop in Miami in a Monday, Dec. 12, 2016, photo illustration. An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday. According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million. THE CANADIAN PRESS/AP/Wilfredo Lee

A woman types on her laptop in Miami in a Monday, Dec. 12, 2016, photo illustration. An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday. According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million. THE CANADIAN PRESS/AP/Wilfredo Lee

Canadian man charged in U.S. with NetWalker ransomware attacks

The ransomware, like similar malware, often infiltrates computer networks via phishing emails

An investigation into a scourge of NetWalker ransomware attacks has led to the arrest of a Canadian man, the U.S. Department of Justice said on Wednesday.

According to an indictment, police in Florida charged Sebastien Vachon-Desjardins of Gatineau, Que., with illegally obtaining more than $27.6 million.

The accused is alleged to be part of a shadowy group of cyber criminals who have attacked several targets in Canada, including the College of Nurses of Ontario, a Canadian Tire store in B.C., and the Northwest Territories Power Corporation.

“Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation,” Nicholas McQuaid, an acting assistant attorney general with the Justice Department, said in a statement.

U.S. authorities said they had seized about US$455,000 in cryptocurrency from ransom payments in three separate attacks. They also said authorities in Bulgaria had disabled a “dark web” resource used to communicate with NetWalker ransomware victims.

NetWalker operates as a so-called ransomware-as-a-service model, featuring “developers” and “affiliates,” who split the proceeds of any ransom paid. Experts say NetWalker attacks really took off last March as the criminals exploited fears of COVID-19 and people working remotely.

The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.

Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasingly, attackers also threaten to publish sensitive data stolen during the time spent inside an exploited network before encryption and detection.

Once a victim’s computer network is compromised and the data encrypted and downloaded, the NetWalker criminals demand money to return system access. If victims refuse, they might never regain their data or, more frequently now, the information is made public.

NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges and universities. Recent attacks have specifically targeted the health-care sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.

Brett Callow, a Vancouver Island-based threat analyst with cybersecurity firm, Emsisoft, said the group had made millions. In one case last year, they extorted $1.4 million from a California university.

Police urged any victims to contact law enforcement right away.

“This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable,” Special Agent Michael McPherson, with the FBI’s field office in Tampa, Fla., said.

Colin Perkel, The Canadian Press

hackers

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Forty-seven vaccination clinics will open across Interior Health beginning March 15. (Canadian Press)
48 COVID-19 vaccine clinics to open across Interior Health

Select groups can book appointments starting Monday

(File photo)
COLUMN: How to help your young reluctant reader

Library has resources to help children

(Pacific Coastal Airlines photo)
Potential COVID-19 exposure on March 1 Penticton flight

Interior Health lists a public exposure for the Pacific Air Flight from Vancouver on March 1

Seniors in the Interior Health region can book their COVID-19 vaccinations starting Monday, March 8, 2021 at 7 a.m. (File photo)
Seniors in Interior Heath region can book COVID-19 shots starting Monday

Starting March 8 the vaccination call centre will be open 7 a.m. to 7 p.m. daily

C.E. “Ned” Bentley owned a garage on Shaughnessy Avenue, now Lakeshore Drive in Summerland. Bentley later went on to serve on Summerland’s council and was recognized with the Good Citizen Award in 1939. (Summerland Museum photo)
Former Summerland reeve once ran garage

C.E. “Ned” Bentley was a prominent figure in Summerland’s past.

Elvira D’Angelo, 92, waits to receive her COVID-19 vaccination shot at a clinic in Montreal, Sunday, March 7, 2021, as the COVID-19 pandemic continues in Canada and around the world. THE CANADIAN PRESS/Graham Hughes
‘It’s been a good week’: Tam hopeful on vaccines as pandemic anniversary nears

Tam says the addition of two new vaccines will help Canadians get immunized faster

Const. Allan Young. Photo: Abbotsford Police Department
Manslaughter charge laid in Nelson death of Abbotsford police officer

Allan Young died after an incident in downtown Nelson last summer

Kelowna General Hospital (File photo)
One of two Kelowna General Hospital COVID-19 outbreaks declared over

One outbreak declared over after two deaths, seven cases; another outbreak remains ongoing in the hospital

Cottonwoods Care Home in Kelowna. (Google Maps)
COVID-19 outbreak declared at Kelowna care home after 12 cases noted

Two staff members and 10 residents at Cottonwoods Care Centre have tested positive for COVID-19

There is no true picture of how many youth in Penticton are experiencing housing instability or true homelessness. The Foundry and the city of Penticton are trying to find that out.
How many youth are experiencing homelessness in Penticton?

Foundry Penticton and the City have partnered on a youth survey open until March 13

Chelsea Ishizuka was borned and raised in Penticton but has now moved to Japan. When she found out there was a popular restaurant there named after Penticton, she had to go check it out. Here she is with the owner (right). (Facebook)
Popular restaurant in Japan named after city of Penticton

A Pentictonite now living in Tokyo discovered the eatery and the history behind its name

Coldstream’s Kalamalka Secondary has teamed up with Globox on a fundraising raffle for its graduating class of 2021. (Photo supplied)
Okanagan secondary school grads glowing over fundraiser

Kalamalka Secondary teams with company on fundraising raffle, replacing annual apple pie fundraiser

(The Canadian Press)
‘Worse than Sept. 11, SARS and financial crisis combined’: Tourism industry in crisis

Travel services saw the biggest drop in active businesses with 31 per cent fewer firms operating

Pictures and notes in from friends and classmates make up a memorial in support and memory of Aubrey Berry, 4, and her sister Chloe, 6, during a vigil held at Willows Beach in Oak Bay, B.C., on December 30, 2017. THE CANADIAN PRESS/Chad Hipolito
Mother of slain daughters supports recent changes to Canada’s Divorce Act

Sarah Cotton-Elliott said she believed her children took a back seat to arranging equal parenting

Most Read