The U.S. Department of Justice today announced the arrest of a Canadian citizen alleged to have operated the NetWalker ransomware, and the takedown of the ‘.onion’ sites he maintained on the dark web for publishing the data of victims who refused to pay the ransom. NetWalker claimed a large number of victims, including Enel, Argentina’s national immigration agency, Equinix and many other companies, city halls, hospitals, police stations, emergency services, school districts, colleges and universities.
The Justice Department’s action against NetWalker includes the seizure of $454,530.19 in cryptocurrency obtained from ransom payments, which was in the hands of Sebastien Vachon-Desjardins of Gatineau, Quebec, the Canadian citizen. Vachon-Desjardins is reported to have obtained at least $27.6 million from the crimes listed in the indictment.
NetWalker operates under a model known as ransomware-as-a-service, made up of “developers” and “affiliates”. Developers are responsible for creating and updating the ransomware and making it available to affiliates. Affiliates are responsible for identifying and attacking high-value victims with the ransomware, according to the indictment. After a victim pays, the developers and affiliates split the ransom.
Actors who deploy NetWalker generally gain unauthorized access to the victim’s network days or weeks before the ransom note is delivered. During that time they elevate their privileges within the network while spreading the ransomware from workstation to workstation. They deliver the ransom note only once they are confident they have compromised enough of the victim’s network to extort payment, according to the indictment.
With international agencies
See the original post at: https://www.cisoadvisor.com.br/operador-do-ransomware-netwalker-preso-sites-onion-derrubados/?rand=59039