Skip to main content

International Operation Disrupts Ransomware Group Netwalker by Tracing Cryptos With the Help of Blockchain Analysis

International Operation Disrupts Ransomware Group Netwalker by Tracing Cryptos With the Help of Blockchain Analysis

In collaboration with Bulgarian authorities, the U.S. Department of Justice (DOJ) disrupted a well-known ransomware gang’s infrastructure. Law enforcement seized their servers and traced the illicit funds with the help of blockchain forensic analytics via Chainalysis.

US Authorities Seized Over $454,000 Worth of Cryptocurrencies

Per the U.S. Department of Justice’s announcement, the coordinated action took down Netwalker, a highly active ransomware group over the last year, specifically targeting the health care sector.

The U.S. authorities also indicted a Canadian national, Sebastien Vachon-Desjardins, who allegedly obtained $27.6 million as a “Netwalker affiliate.”

The authorities seized a server that hosted their site on the dark web, where the gang redirected their victims to arrange the ransom negotiations. Moreover, the U.S. DOJ said that $454,530.19 in cryptocurrency from ransom payments were seized.

With the support of blockchain analysis, law enforcement took advantage of investigative tools of Chainalysis to trace Netwalker transactions. In fact, the blockchain firm had traced more than $46 million worth of funds in Netwalker ransoms since it first came on the scene in August 2019.

The U.S. authorities believe the ransomware gang targeted 205 victims from 27 different countries during its lifetime, including 203 in the U.S.

Speaking with news.Bitcoin.com, Brett Callow, threat analyst at malware lab Emsisoft, commented on the authorities’ action against Netwalker:

Ransomware groups have operated with almost complete impunity for a very long time, which means there’s very little deterrent. The rewards are enormous, while the risks are small. The action against Netwalker changes that. In addition to disrupting the group’s revenue stream, it also sends a clear message that cybercriminals are not beyond the reach of the law. Will that create a deterrent? No, but it’s certainly a step in the right direction.

Netwalker ransomware works with an affiliate scheme, where external people could deploy the ransomware and share revenues with the gang. Chainalysis elaborates on what the blockchain analysis unveiled about the infrastructure:

Typically, there are four roles that receive proceeds from Netwalker attacks: the likely administrator or developer (8-10%), the affiliate (76-80%), and two commissioned roles (2.5%-5% each). An affiliate, like Vachon-Desjardins, is usually responsible for obtaining access to the victim network and deploying the malware. There are also cases when one wallet gets 100% of the payment, which we believe belongs to the Netwalker administrator and indicates that he or she may also be directly involved in some of the attacks.

The analytical firm says that there were fewer than 20 unique affiliates. Some of them rarely deployed the ransomware, while others moved on to other similar ransomware strains. That’s why a tool used by the authorities named Chainalysis Reactor traced payments received by the affiliates from other variants.

To confirm the fact that some affiliates moved to other strains, Chainalysis found out that Netwalker administrator published an advertisement on darknet forums. The admin was seeking new affiliates, as vacancies “had freed up.”

Tracing Suspected Netwalker Affiliate

On how the authorities traced Vachon-Desjardins’ activities, Chainalysis explained:

Blockchain analysis revealed at least 345 addresses associated with Vachon-Desjardins going back to February 2018 with transactions continuing to the date of this writing (January 27, 2021). He allegedly received more than $14 million worth of bitcoin at the time of receipt of the funds, ultimately possessing at least $27.6 million given its rising value.

Citing government partners, Chainalysis claims Vachon-Desjardins was involved in at least 91 attacks using Netwalker ransomware since April 2020, deploying the malware as an affiliate and receiving 80% of the ransom. The analytical firm also suspects the alleged Netwalker affiliate was involved in the deployment of other ransomware strains.

What do you think about this massive operation against the Netwalker ransomware gang? Let us know in the comments section below.



from Bitcoin News https://ift.tt/3ai7VTq

Comments

Popular posts from this blog

Deep Web Roundup: Dream Adds Monero and Bitcoin Tumbler “Chip Mixer” Launches

The darknet has been quiet of late, which is the way it’s meant to be. No news means no mega busts, honeypots, or mass market shutdowns. Even when it’s out of the spotlight though, the deep web is quietly making news, whether trialling the latest privacy coins or the newest coin mixers that promise to restore a little of the privacy that’s being stripped away from bitcoin users on a daily basis. Also read: U.S. Agency ICE Conducts Investigations That Exploit Blockchain Activity The Battle for Privacy Heats Up Privacy is all relative, but of late there’s been relatively little privacy to be enjoyed by bitcoin users. Blockchain monitoring software is becoming more sophisticated and more common, with U.S. law enforcement agencies using it to profile and hunt down deep web users. Chip Mixer is a relatively new bitcoin tumbler that’s designed to restore some of that privacy. Available on both the clearnet and darknet, the service uses a variety of techniques to obfuscate blockchain m...

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli...

Ombudsman Receives Complaints About Crypto Investments in Spain

The Spanish ombudsman has been receiving complaints about cryptocurrency and how some Spanish citizens investing in these vehicles have lost everything. In his annual report, Angel Gabilondo recognized the rise of cryptocurrencies as a new problem due to the little or no regulation crypto sees in the country. In the same way, the EU has also warned about these assets recently. Spanish Ombudsman Gives His Take on Crypto Angel Gabilondo, the Spanish ombudsman, has given his take regarding cryptocurrencies and the effects they have on citizens investing in some of these projects. Gabilondo said in his yearly report that cryptocurrencies have become “a new problem” during the year examined, with many people having lost all of their funds invested. The report states : Cryptocurrency exchange companies or platforms are not regulated in the legal system, are not subject to any public supervision system, nor do they benefit from deposit guarantee systems. The affected users that sought...