
US Government Takes Aim at NetWalker Ransomware Attacks

Prosecutors indicted an alleged NetWalker affiliate and coordinated the takedown of darkweb resources.

Updated Sep 14, 2021, 11:02 a.m. Published Jan 28, 2021, 7:54 p.m.

Federal prosecutors struck back at a favorite tool of the ransomware community Wednesday, indicting one alleged NetWalker user, a Canadian national named Sebastien Vachon-Desjardins, on wire fraud, hacking and network extortion charges, and coordinating the takedown of a victim guidebook hosted on the darkweb.


The action, which included assistance from Bulgarian authorities, is the U.S. government's first public assault against malicious software that's booming in popularity. Ransoms against schools, hospitals, businesses and governments netted NetWalker attackers tens of millions of dollars in 2020.

NetWalker burrows into and encrypts victim computers, only releasing its hold once victims pay a ransom - usually in bitcoin. It follows the ransomware-as-a-service model, in which the individual hackers (affiliates) who deploy the attack, lock down the computer and demand the ransom are akin to franchisees who share their profits with corporate (the ransomware developer).


Sebastien Vachon-Desjardins is alleged to have been one such affiliate. Prosecutors said he held a Florida-based company's computers hostage with NetWalker in violation of federal law. Prosecutors also demanded forfeiture of $27 million accrued through his alleged ransomware crimes.

Vachon-Desjardins mounted at least 91 NetWalker heists from April 2020 onward, blockchain tracing company Chainalysis said, citing government partners. In a Wednesday blog post, the firm said Vachon-Desjardins' associated wallet addresses have allegedly banked more than $14 million in bitcoin since February 2018, a trove now worth $27 million.

Chainalysis CSO Jonathan Levin told CoinDesk Vachon-Desjardins' transactions offer a window into the workings of the underground ransomware economy. Chainalysis has followed $46 million in illicit ransomware bitcoin flows since 2019.

"The transparency of the blockchain really enables you to see not only the affiliates that are dealing with NetWalker, but also the affiliates that are actually using the other ransomware-as-a-service strains. So we can see links between different ransomware strains via common affiliates of the different strains," he said.

NetWalker attacks are unlikely to abate with the removal of a single affiliate, he said.
