A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate.

Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.

The 34-year-old IT consultant from Gatineau, Quebec, was initially apprehended in January 2021 following a coordinated law enforcement operation to dismantle the dark web infrastructure used by the NetWalker ransomware cybercrime group to publish data siphoned from its victims. The takedown also brought its activities to a standstill.

A search warrant executed at Vachon-Desjardins’s home in Canada resulted in the seizure of 719 bitcoin, valued at approximately $28.1 million at the time, and $790,000 in Canadian currency. In February 2022, the Ontario Court of Justice sentenced him to six years and eight months in prison after he pleaded guilty to five criminal charges before his extradition to the U.S.

Stating that the defendant “excelled at what he did,” the court said that the individual “even improved upon the ransom messages used by NetWalker affiliates and eventually convinced the creator of NetWalker to use ‘mixing services’ to disguise funds paid for ransoms in Bitcoin.” The ruling also called him “good-looking, presentable, and instantly likeable.”

Attacks mounted by the NetWalker gang are believed to have targeted dozens of victims all over the world, specifically singling out the healthcare sector during the COVID-19 pandemic in an attempt to capitalize on the global crisis opportunistically.

It’s known to adopt the lucrative tactic of double extortion to steal sensitive personal information prior to encrypting it and hold that data hostage in return for a cryptocurrency payment or risk getting the information published online.

Vachon-Desjardins, in his capacity as one of the 100 affiliates for the NetWalker gang, is suspected to be linked to at least 91 attacks since April 2020, in addition to working for other RaaS groups like Sodinokibi (REvil), Suncrypt, and Ragnarlocker.

According to court documents filed in a district court in Florida, the NetWalker crew amassed 5,058 bitcoin in illegal payments (about $40 million at the time of the transaction), with Vachon-Desjardins named as “one of the most prolific NetWalker ransomware affiliates” and responsible for the extortion of about 1,864 bitcoin.

His role in the criminal scheme allegedly ranged from researching on victims and controlling the servers hosting tools for reconnaissance, privilege escalation, and data theft to operating accounts that posted the stolen data on the data leak site and receiving payouts after a successful attack.

The defendant, as part of the plea deal, has now agreed to forfeit all the digital assets held in his crypto wallet as well as dozens of equipment that consist of laptops, tablets, phones, gaming consoles, and external hard drives, among others.