Earlier this week, Bulgarian authorities seized a dark web site that NetWalker affiliates have been using to tell victims how they can pay a ransom, according to the DOJ. The site now displays a banner with a notice that it has been seized by authorities. A Canadian national from Gatineau named Sébastien Vachon-Desjardins was also charged in a Florida court, where he is accused of obtaining more than $27.6 million from NetWalker-related activities as an affiliate. Finally, on January 10, authorities managed to get their hands on $454,530.19 worth of cryptocurrency, which is made up of payments made by three NetWalker victims.
However, that was only a tiny fraction of the money that has changed hands due to the ransomware. As KrebsOnSecurity notes, Chainalysis has tracked over $46 million in NetWalker ransoms since the ransomware first emerged in August 2019. Acting Deputy Attorney General Nicholas L. McQuaid encourages victims to come forward as soon as possible after an attack, as doing so could lead to significant results. He said:
“We are responding to the growing threat of ransomware not only by bringing criminal charges against the perpetrators, but also by disrupting the criminal infrastructure online and, where possible, recovering ransom payments extorted from victims. Ransomware victims should be aware that reporting to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multifaceted operation.”
The DOJ announcement was made the same day Europol revealed that authorities in the United States, Canada and several European countries have disrupted Emotet’s infrastructure. Emotet is known as one of the “most dangerous” botnets in the world because it avoids antivirus tools and can be used to spread ransomware and other malware.