NetWalker ransomware affiliate sentenced to 20 years by Florida court

Naked Security has written and talked about Sebastien Vachon-Desjardins before, in both article and podcast form.

Vachon-Desjardins had been a federal government worker in the Canadian Capital Region (he comes from Gatineau in Quebec, directly across the river from the federal capital Ottawa in Ontario)…

…but he seems to have decided that joining the cybercrime underworld would be much more lucrative than his government job, and it seems that did indeed rack up a small fortune in illegal earnings.

He was tracked down, arrested, and convicted in his native Canada, and sentenced to nearly seven years in a Canadian prison.

Not long after starting his sentence, however, the Canadians released him from prison specifically so he could be extradited to Tampa, Florida, to face federal charges in the US.

As Chester Wisniewski put it in our March 2022 podcast on the topic:

Sebastien is temporarily “on loan” to the Americans, so they can punish him, but when he comes back, he still has to face his sentence here in Canada.

LEARN MORE ABOUT RECENT MALWARE BUSTS (FIRST SECTION)

Conviction and sentencing

Back in July 2022, Vachon-Desjardins decided to plead guilty in the US, with his plea document noting:

On or about January 27 and 28, 2021, the Royal Canadian Mounted Police executed search warrants at Vachon-Desjardins’ home and on safe deposit boxes held by Vachon-Desjardins at National Bank, Gatineau, Quebec.

During these searches, law enforcement seized, among other assets , all bitcoin contained in the defendant’s BTC Wallet 3Pxki6pFFKC12YSn8JtDs3ZrEg3pFTHnHd.

This seized bitcoin was derived primarily from ransom funds paid by victims of NetWalker Ransomware attacks.

The amount seized was just under BTC 720, worth about US$23 million in early 2021, and still worth about US$14 million today.

There was plenty more criminality to which Vachon-Desjardins admitted, however, with the court document going on to say:

Law enforcement identified and seized copies of the server that operated as the backend, or internal-facing, server of the NetWalker Tor Panel and the NetWalker Blog. This server contained detailed transactional information as to the NetWalker developers and affiliates. The transactional records revealed that during the course of the conspiracy, approximately 100 affiliates had been active, and victims had paid approximately 5058 bitcoin in ransoms (an approximate total of US$40 million based on the value of bitcoin at the time of each transaction).

These records also tied Vachon-Desjardins to the successful extortion of approximately 1864 bitcoin in ransoms (an approximate total of US$21.5 million based on the value of bitcoin at the time of each transaction) from dozens of victim companies across the world, including [a victim in Tampa, Florida].

This apparently identifies Vachon-Desjardins as a very significant NetWalker affiliate, responsible for more than 35% of ransom money extorted overall, and thus presumably also being responsible for about one-third of the group’s attacks.

He’s now been sentenced, with the Tampa Bay Times reporting that he’ll spend 20 years in a US prison.

According to the Tampa Bay Times, the judge in the case noted:

You have one of the worst cases I’ve ever seen. This is Jesse James meets the 21st century. [… This] is bad stuff. If you had gone to trial [i.e. had not pleaded guilty], I would have given you life.

When he’s finished his US prison sentence, Vachon-Desjardins will be returned north of the border to to finish his 7-stretch in Canada.

LEARN MORE ABOUT THE NETWALKER RANSOMWARE