Law enforcement announced global action against NetWalker Ransomware

Pierluigi Paganini January 27, 2021

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators.

Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.

“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.” reads the press release published by DoJ.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

The group has been active since 2019, the NetWalker ransomware has been offered with the Ransomware-as-a-Service (RaaS) model.

The list of victims of the group is long, it includes Pakistan’s largest private power company K-ElectricArgentina’s official immigration agency, Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF), the latter paid a $1.14 million ransom to recover its files.

In August 2020, the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

NetWalker is also believed to have been responsible for compromising the network of the University of California San Francisco (UCSF), which paid over $1 million to recover from the incident. In July, the FBI warned of NetWalker attacks targeting government organizations.

The Department of Justice also charged against the Canadian national Sebastien Vachon-Desjardins in relation to NetWalker ransomware attacks, he is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment. The law enforcement also seized $454,530.19 in cryptocurrency obtained from ransom payments.

Bulgarian authorities seized a dark website used by NetWalker affiliates to communicate with victims.

netwalker ransomware site seizure

“This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable for their alleged criminal actions,” said Special Agent in Charge Michael F. McPherson of the FBI’s Tampa Field Office. “If you are a victim of ransomware, contact your local FBI field office or submit a tip to You can also file a complaint with the FBI’s Internet Crime Complaint Center at”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment