Canadian Hacker Sentenced to 20 Years in Prison by a U.S. court for his participation in a series of hacks connected to the NetWalker ransomware.

Canadian Hacker Sentenced to 20 Years in Prison! Sebastian Vachon-Desjardins, 35, was sentenced on Tuesday by the U.S. Department of Justice for his role as a major NetWalker ransomware affiliate. According to the department, he targeted dozens of victims worldwide, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges and universities.

The U.S. Department of Justice, in particular, explicitly highlights the use of NetWalker to target the healthcare industry during the COVID-19 outbreak.

Vachon-Desjardins was sentenced by U.S. District Judge William F. Jung in Tampa, Fla., on four charges to which he previously pleaded guilty: conspiracy to commit wire fraud, conspiracy to commit computer fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

Vachon-Desjardins must also forfeit $21.5 million as part of the decision.

The defendant selected and attacked high-value ransomware victims, profiting from the disruption created by encrypting and stealing the victims’ data, said Assistant Attorney General Kenneth A. Polite Jr. of the United States Justice Department’s Criminal Division in a press release published Tuesday.

The sentencing underscores that ransomware criminals will face serious repercussions for their actions. Furthermore, it exemplifies the Department’s unwavering commitment to prosecuting individuals who engage in ransomware schemes, he continued.

See Rhyno Cybersecurity in Action

What is NetWalker Ransomware?

The Netwalker ransomware is a rapidly spreading virus produced in 2019 by the cybercrime gang called ‘Circus Spider.’ Circus Spider is a newer member of the ‘Mummy Spider’ cybercriminal organization. On the surface, Netwalker behaves similarly to most other ransomware versions, gaining a foothold via phishing emails before exfiltrating and encrypting important data and holding it hostage for a huge ransom.

Netwalker, however, does more than only keep the victims’ data hostage. Circus Spider will leak a sample of the stolen material online to demonstrate their seriousness, saying that if the victim does not satisfy their demands on time, they will reveal the remainder on the dark web. Circus Spider exposed the key to a password-protected folder containing one victim’s sensitive data on the dark web.

Ransomware-as-a-Service (RaaS)

Circus Spider, like the Maze ransomware group, decided to make Netwalker a household brand in March 2020 and started growing its affiliate network. When they switched to a Ransomware-as-a-Service (RaaS) model, they were able to operate on a much grander scale, target more enterprises, and raise the magnitude of their ransoms.

RaaS entails recruiting affiliates to assist cybercriminal organizations in carrying out illicit actions. As previously said, Netwalker gained traction after a few huge wins. However, they were still modest compared to the other major ransomware groups until they implemented a RaaS model.

Circus Spider issued a clear set of requirements necessary to join their little gang of crooks or a criminal job advertisement, if you will.

According to the Canadian Centre for Cyber Security, ransomware is the most prevalent and growing cyber threat confronting Canadians.

Following his indictment by a federal grand jury in Florida, the Royal Canadian Mounted Police (RCMP) announced in March that Canada’s justice minister had ordered Vachon-Desjardins’ extradition to the United States.

Previously, the RCMP said that it has been investigating the NetWalker attacks since August 2020 after receiving intelligence and a request from the U.S. Federal Bureau of Investigation to assist in identifying the perpetrator.

In January 2021, police raided Vachon-Desjardins’ residence, seizing $790,000 in Canadian money and 719 bitcoin valued at around C$35 million.

The RCMP noted at the time that it was the greatest seizure of bitcoin by value in the nation to that point.

Vachon-Desjardins has previously faced criminal accusations in Canada comparable to those in the United States, including unauthorized computer usage, damage to computer data, extortion, and participation in a criminal organization.

According to the RCMP, he eventually pled guilty to the latter three. In January 2022, a Brampton, Ont. judge sentenced Vachon-Desjardins to seven years in jail, as well as forfeiture of 680 bitcoin, the majority of his confiscated computer equipment, and $742,840. The decision also includes a reparation order in the amount of more than $2.6 million for companies impacted by the ransomware attacks.

Sharing is Caring!

You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://resources.rhyno.io

For media enquiries, contact us at media-enquiries@rhyno.io.


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center