US authorities on Wednesday got their hands on a hacker who allegedly extracted $35 million from many companies and large organizations using ransomware, operating from his modest home in Gatineau.
Royal Canadian Mounted Police and Gatineau police officers apprehended Sébastien Vachon-Desjardins, 33, at his home during a joint operation. The FBI suspects him of pocketing US$27.6 million (CAN$35 million) in ransoms thanks to the NetWalker malware.
Vachon-Desjardins is a computer technician and has previously worked for the federal government and the University of Ottawa. But he is also a confirmed drug trafficker, accused of selling drugs and possession of property obtained by crime in a case still in progress.
In 2015, he had already received a 42-month prison sentence for drug trafficking.
According to a judgment on his provisional release, his residence was used as a stash house.
Gatineau police seized no less than 137 pounds of marijuana, 60,756 methamphetamine tablets, nearly 9 kg of hashish, 146 grams of high-purity cocaine, 13,627 tablets of ecstasy, $24,000 in crystal meth, $29,020 in cash and a money counting machine.
During the hearings, the father of Vachon-Desjardins had promised that he would keep “an eye on him” and posted a bond of $10,000. It was not enough: the judge refused to release him.
Our Bureau of Investigation was able to speak with his father on Wednesday. He was unaware of the American accusations against his son.
“I don’t know if you are able to place yourself in our situation,” he said. In shock, he had to hang up.
In the case for which he was arrested on Wednesday, a Florida prosecutor describes Vachon-Desjardins as an “affiliate” of NetWalker.
According to the US Department of Justice (DoJ), affiliates identify high-value targets and attack them using ransomware designed by “developers”.
“When a victim pays the ransom, developers and affiliates share it,” the DoJ said in a statement.
The Americans add that they seized US$454,530 in cryptocurrency as part of their operation.
Bulgaria also took part in the investigation. Authorities in that country seized a hidden website (on the dark web) used by NetWalker “affiliates” to provide payment instructions to victims.
Ransomware has hit numerous targets in recent months, including Sollio (formerly La Coop fédérée), computer company Xpertdoc and a subsidiary of restaurant chain MTY.
Outside Quebec, NetWalker also targeted the Ontario College of Nurses and the University of California at San Francisco.
The authorities did not specifically name the victims of Vachon-Desjardins.
Typically, NetWalker operators are inside an organization's network for weeks before launching the actual attack.
During this time, the data on the servers is copied.
The hackers then encrypt the information and send the ransom note.
Brett Callow, a cyber threat analyst at the antivirus firm Emsisoft, welcomed the operation. “It’s a significant achievement for the good guys, especially if the FBI was able to get the decryption keys to help victims recover their data.”
Netwalker in brief
Over the past several months, hackers have used Netwalker malware to successfully attack several large organizations around the world.
In Quebec, the victims include Sollio Groupe coopératif (formerly the Coop fédérée), the IT company Xpertdoc and Kahala Brands, a subsidiary of the MTY restaurant chain.
In the USA, the cybercriminals used it to extract a ransom of US$1.14 million from the University of California at San Francisco.