With the help of blockchain analysis firm Chainalysis, the United States government was able to dismantle a group of hackers who locked the systems of schools, businesses and hospitals and demanded cryptocurrency payments to release them. In the attacks, the cyber criminals used ransomware (malicious software that infects computers) called NetWalker.
In a statement released on Wednesday (27), the country’s Justice Department said it had disrupted the group’s online infrastructure and brought criminal charges against those involved. It also said it had recovered about $500,000 in cryptocurrencies paid by the victims.
“We are responding to the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting the online crime infrastructure and, whenever possible, recovering extorted ransom payments from victims,” said Deputy Attorney General Nicholas L McQuaid.
Chainalysis, which detailed the process on its blog, provided the U.S. government with tools that allowed it to analyze the group’s transactions on the blockchain. The gang is estimated to have moved about $46 million since August 2019, when it was created. Worldwide, NetWalker claimed 305 victims in 27 different countries.
Financial ransomware pyramid
According to the US government, NetWalker operates under a model called ransomware-as-a-service. In short, in this model a hacker/developer creates ransomware and ‘rents’ it to other hackers/affiliates.
These hackers/affiliates, once they have access to the malicious software, identify possible victims and carry out the attacks. After the targets pay the ransom for their systems, the developers and affiliates split the proceeds.
According to Chainalysis, the developer of the ransomware usually gets 8% to 10% of the value of the scam, the affiliates responsible for the attack get 76% to 80%, and affiliates with secondary roles are entitled to 2% to 5%.
One of the group’s members, according to the United States government, is a Canadian named Sebastien Vachon-Desjardins, who may be involved in 91 attacks. Alone, he collected about $27.6 million from the victims.
Chainalysis discovered at least 345 blockchain addresses belonging to Vachon-Desjardins. He made transactions on the network from February 2018 until Thursday.
This week, according to the US government, Bulgarian officials, who also collaborated with the investigations, seized devices from other affiliates on the dark web.
Ransomware victims paid $350 million in cryptocurrencies to hackers in 2020, 311% more than in 2019, according to Chainalysis. The real figure, according to the company, may be much higher, since there are cases of underreporting.
NetWalker funds recorded on the blockchain alone have moved $46 million since August 2019, when the group was created. Other ransomware strains used by hackers include Ryuk, Maze, Dharma, DoppelPaymer, Defray777 and Sodinokibi.
At the end of last year, Japanese game developer Capcom was the target of a ransomware attack. The hackers asked for $11 million in bitcoin to release its systems.