A Romanian national, Daniel Christian Hulea, was recently sentenced to 20 years in prison for his involvement in the NetWalker ransomware attacks. Hulea, aged 30, pleaded guilty to computer fraud conspiracy and wire fraud conspiracy back in June. The charges against him were related to his role in the NetWalker ransomware attacks targeting various organizations worldwide, including healthcare facilities during the COVID-19 pandemic. In his confession, Hulea acknowledged extorting 1,595 bitcoins, equivalent to around $21.5 million, in ransom payments.
The Department of Justice (DoJ) released a statement highlighting the severity of Hulea’s actions. In addition to his prison sentence, he was ordered to forfeit $21.5 million and relinquish his interests in an Indonesian limited liability company and a luxury resort property in Bali, Indonesia. He was also directed to pay restitution amounting to $14,991,580.01.
Hulea was arrested in Cluj by Romanian authorities on July 11, 2023, and later extradited to the U.S. under the U.S.-Romania extradition treaty. The NetWalker ransomware group, operating since 2019, utilized the Ransomware-as-a-Service (RaaS) model to carry out its attacks.
The list of victims targeted by the NetWalker group is extensive and includes well-known organizations such as K-Electric in Pakistan, Argentina’s official immigration agency, Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF). Notably, UCSF paid a ransom of $1.14 million to retrieve its files.
In August 2020, the FBI issued a security alert warning about NetWalker ransomware attacks targeting U.S. and foreign government entities. Moreover, the FBI cautioned government organizations in July regarding potential NetWalker attacks.
The law enforcement efforts extended beyond Hulea, as Canadian national Sebastien Vachon-Desjardins faced charges related to NetWalker ransomware attacks. Vachon-Desjardins was alleged to have acquired over $27.6 million from the offenses detailed in the indictment. Law enforcement authorities also seized $454,530.19 in cryptocurrency derived from ransom payments.
In a joint operation in January 2021, law enforcement agencies in the U.S. and Europe took down the dark web sites used by NetWalker ransomware operators. These actions were part of a broader initiative aimed at disrupting the NetWalker ransomware operations.
NetWalker has caused significant harm to various victims, including companies, municipalities, hospitals, law enforcement agencies, emergency services, school districts, colleges, and universities. The attacks disproportionately targeted the healthcare sector during the COVID-19 crisis, exploiting the vulnerabilities exposed by the global pandemic to extort ransom from victims.
The sentencing of Hulea and the ongoing efforts to combat the NetWalker ransomware operations serve as a stark reminder of the serious consequences of engaging in cybercrime. As authorities continue to crack down on such activities, the hope is to deter potential cybercriminals and protect organizations from falling victim to malicious ransomware attacks.