Pierluigi Paganini December 21, 2024

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June.

Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks. Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare during COVID-19. The man admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments.

“A Romanian man was sentenced today for his role in the NetWalker ransomware attacks to 20 years in prison and ordered to forfeit $21,500,000 and his interests in an Indonesian limited liability company and associated luxury resort property under construction in Bali, Indonesia — a business venture he financed with proceeds from the attacks.” reads the press release published by DoJ. “He was also ordered to pay $14,991,580.01 in restitution.”

Romanian authorities arrested Daniel Hulea on July 11, 2023, in Cluj, and extradited him to the U.S. under the U.S.-Romania extradition treaty.

The NetWalker ransomware group has been active since 2019, it was operating using the Ransomware-as-a-Service (RaaS) model.

The list of victims of the group is long, it includes Pakistan’s largest private power company K-Electric, Argentina’s official immigration agency, Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF), the latter paid a $1.14 million ransom to recover its files.

In August 2020, the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

NetWalker is also believed to have been responsible for compromising the network of the University of California San Francisco (UCSF), which paid over $1 million to recover from the incident. In July, the FBI warned of NetWalker attacks targeting government organizations.

The Department of Justice also charged against the Canadian national Sebastien Vachon-Desjardins in relation to NetWalker ransomware attacks, he is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment. The law enforcement also seized $454,530.19 in cryptocurrency obtained from ransom payments.

In January 2021, law enforcement authorities in the U.S. and Europe seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.

“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.” reads the press release published by DoJ.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)