DoJ, Chainalysis work to break up ransomware network that targets hospitals

United States authorities have hit a major malware operator, with help from leading blockchain analytics firm Chainalysis.

On Wednesday, the Department of Justice announced the seizure of $454,530.19 in cryptocurrency from NetWalker, a ransomware operator the Federal Bureau of Investigation alleges to have targeted hospitals globally amid the COVID-19 pandemic. 

Piggybacking on the DoJ’s announcement was Chainalysis, which took the opportunity to advertise the firm’s involvement in tracking down NetWalker hardware in Bulgaria as well as Sebastien Vachon-Desjardins. The DoJ arrested Vachon-Desjardins, a Canadian national whom it alleges to be an affiliate of the NetWalker network and to have garnered $27.6 million through its malware.

The DoJ has yet to release a criminal complaint against any of those involved in NetWalker, presumably because, if its allegations are true, there are tens of millions of dollars out there yet to be seized. Chainalysis noted NetWalker’s business model of ransomware-as-a-service as particularly difficult to investigate because:

“Attackers known as affiliates ‘rent’ usage of a particular ransomware strain from its creators or administrators, who in exchange get a cut of the money from each successful attack affiliates carry out. RaaS has led to more attacks, making it even more difficult to quantify the full financial impact.”

The FBI initially flagged NetWalker as a threat to hospitals back in July 2020. At the time, the agency said it had first noticed the ransomware in March 2020, when COVID-19 lockdowns had come into place around the world. 

Ransomware has been on the rise over the course of the past year, as remote working has opened up new vulnerabilities in business networks or, in this case, in people’s willingness to click on questionable links in emails that offer potential information on COVID-19 conditions.

Law enforcement interest in ransomware has, correspondingly, increased. Alongside other investigative concerns, the rise in ransomware tracing has been lucrative for firms like Chainalysis, which have seen an inflow of government contracts.