Canadian in US court admits to $27m ransomware campaign with Russian cyber-gang

Sébastien Vachon-Desjardins

Share this content

When he was arrested he had Bitcoin worth $27 million and admits he “was one of the most prolific NetWalker Ransomware affiliates” working for the Russian gang

A former Canadian federal public servant who pleaded guilty in Canada after a ransomware investigation that netted millions of dollars’ worth of seized bitcoin has now pleaded guilty to similar charges in the United States.

Sébastien Vachon-Desjardins from Quebec was arrested by the Royal Candian Mounted Police in January last year on allegations he was a key figure in an international ransomware ring known as NetWalker.

Now Vachon-Desjardins, from Quebec, has agreed to plead guilty in a Florida court to being a high-level hacker with a Russian cyber-crime group.

The 34-year-old was affiliated to the NetWalker ransomware crew, which has attacked companies, municipalities, hospitals, schools and universities.

When he was arrested, police discovered he was in possession of $27m (£22.2m) in Bitcoin.

The case represents a rare example of a successful arrest and prosecution of a hacker working for a Russia-based cyber-crime group, according to the BBC news website. US court documents state that the Canadian was one of NetWalker’s most prolific affiliates.

NetWalker is alleged to have targeted businesses and other institutions by encrypting data on their systems, and then holding that data for ransom. It’s also alleged it accessed and stole sensitive personal information about employees, clients and users.

After the RCMP arrest, Vachon-Desjardins was charged with mischief in relation to computer data, unauthorized use of a computer, extortion and participating in a criminal organization.

In January this year, he pleaded guilty via video in an Ontario courtroom to all but the unauthorized use of a computer charge, and was sentenced to seven years in prison.

The CBC news website reports that the RCMP and Department of Justice said in March that Vachon-Desjardins faced similarr charges in the USA and he was extradited that month.

In Florida court documents dated 23 May, Vachon-Desjardins pleaded guilty to four charges. The government recommends he get a lesser penalty when he is sentenced.

Vachon-Desjardins agreed to forfeit about $21.5 million US remaining from proceeds of these crimes, along with 27.65 bitcoins, and co-operate with other investigations.

As part of the agreement, he agrees he “was one of the most prolific NetWalker Ransomware affiliates.”

The RCMP’s investigation into Vachon-Desjardins began in August 2020 when the FBI asked for help to identify a Canadian suspect in its NetWalker investigation.

Those Florida court documents show Vachon-Desjardins infiltrated an unnamed company in Tampa on April 30, 2020.

That company, referred to as Victim 1 in the documents, spent about $1.2 million US to get back to normal instead of paying the $300,000 US demanded in a note Vachon-Desjardins sent.

Evidence the FBI gave to the RCMP allowed it to start its own probe into whether crimes had been committed in Canada. 

Read the full BBC News report HERE

Read the full CBC report HERE

Read the full US Department of Justice documents HERE

Return to Security Journal Americas NEWS INDEX

Receive the latest breaking news straight to your inbox