DoJ & Chainalysis Partner to Hunt Down NetWalker Ransomware that Targeted Hospitals
The U.S. Department of Justice (DoJ) said on Wednesday that it has managed to disrupt the notorious ransomware dubbed Netwalker. The operation was carried out in collaboration with Bulgarian authorities and the intelligence firm Chainalysis, which provided the resources for tracking the malicious operations and players.
A Canadian national by the name of Sebastien Vachon-Desjardins has since been arrested and charged with using the Netwalker ransomware to acquire $27.6 million worth of crypto assets. The Netwalker hardware was tracked down in Bulgaria, and the DoJ said that it managed to seize $454,530.19 in cryptocurrencies. Notably, ransomware attacks in crypto increased by 311% to hit $350 million in 2020, according to Chainalysis.
The new developments by the DoJ in collaboration with Bulgaria’s authorities further reveal a growing trend in ransomware attacks, especially those that target nascent industries like crypto. Per the Chainalysis Netwalker breakdown, this sophisticated ransomware operates as ransomware-as-a-service (RaaS). Attackers assume the role of affiliates, paying a commission to administrators after successful attacks.
“Attackers known as affiliates ‘rent’ usage of a particular ransomware strain from its creators or administrators, who in exchange get a cut of the money from each successful attack affiliates carry out. RaaS has led to more attacks, making it even more difficult to quantify the full financial impact.”
The FBI discovered this ransomware mid-last year; at the time, its main targets included hospitals, with the pandemic presenting an opportunity to strike. Other institutions like companies, universities, and municipalities have also fallen victim to Netwalker ransomware attacks.
Well, it seems like authorities have finally caught up with the sophisticated attackers. Acting Assistant AG Nicholas L. McQuaid said that they are on top of the matter from all angles:
“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims.”