SpearTip | January 28th, 2021

The NetWalker ransomware group faces a tough road ahead after law enforcement brought the hammer down by shutting down its dark web leak site and charging an affiliate in connection with the operation. The Department of Justice, FBI, U.S. Attorney’s Office for the Middle District of Florida and Bulgarian government agencies all worked together to disrupt NetWalker.

NetWalker operators are known to infiltrate networks, steal data, and then use double extortion tactics, releasing portions of the stolen data on their dark web sites to coerce victims into paying ransoms.

A Canadian NetWalker affiliate by the name of Sebastien Vachon-Desjardins is facing charges for his involvement in the operation. However, his role did not begin until April of 2020, which tells us he was not connected to the original development of NetWalker.

Vachon-Desjardins is being held responsible for collecting over $27 million, but nearly half of a million dollars in cryptocurrency was seized.

NetWalker has targeted victims across many different sectors. Universities, healthcare, and government agencies have all been targeted by the gang. Their claim to fame is how tough they have been on healthcare institutions during the pandemic.

This is another big step for the greater battle against cybercrime, but since there is so much money to be made, more threat actors will surely come out of the woodwork and replace apprehended perpetrators like Vachon-Desjardins.

Earlier this week, we witnessed the takedown of one of the biggest malware botnets in the world, Emotet. It has been a great week in terms of pausing these operations and proving to threat actors they’re not invincible. Many of the stories that arise within the cybersecurity landscape don’t typically have a happy ending, but this week was different. Two of the more profitable ransomware groups took a massive hit.

The threat actors behind these operations will surely see the news surrounding Emotet and NetWalker. Even though this situation is an incredible breakthrough for many organizations globally, eventually, some threat actors and threat groups will look to fill the gap that has been created. For now, we celebrate the win and applaud the efforts of those in law enforcement and cybersecurity who worked to disassemble these groups. There is still work to do, so remaining vigilant is required for sustained success.

No executive wants to have their company dismantled from under their nose, and one way to avoid this is by utilizing trusted endpoint detection and response tools, like ShadowSpear, with certified engineers watching over your networks every hour of the day. Our Security Operations Center is based in the US and gives organizations and IT staff the ability to address security issues at any moment.