THREAD: Here’s a quick summary of our blog on today’s Netwalker disruption, which saw US authorities seize nearly $500K in crypto, disable a key Netwalker dark web resource, and arrest a prolific ransomware affiliate. bit.ly/2NJigAj
We’re proud to announce that Chainalysis played a role in today’s disruption of the Netwalker ransomware organization and arrest of a key affiliate. Get the details and see the blockchain analysis here! bit.ly/2NJigAj
1
8
1
14
First, some context: Ransomware skyrocketed in 2020. Our conservative estimate is that attackers extorted nearly $350M from victims, a 311% increase from 2019. Netwalker has been one of the most active strains in that time. bit.ly/2NJigAj

8:03 PM · Jan 27, 2021

1
1
0
0
Netwalker functions on the ransomware-as-a-service (RaaS) model, meaning its administrators allow independent “affiliates” to use Netwalker to carry out attacks in exchange for a cut of the proceeds. bit.ly/2NJigAj
1
0
0
1
Blockchain analysis of Netwalker wallets shows four “roles” that consistently receive set percents of most victim payments. Affiliates get 80% Administrators get 8-10% Two other commissioned roles get 2.5-5% bit.ly/2NJigAj
1
0
1
0
Blockchain analysis suggests that Netwalker has <20 unique affiliates. Many have received payments from many different ransomware strains. The Chainalysis Reactor exposure wheel below shows one affiliate’s breakdown of ransomware funds received by strain. bit.ly/2NJigAj
1
0
0
1
The affiliate arrested today is a Canadian national named Sebastien Vachon-Desjardins. He was allegedly involved in at least 91 Netwalker ransomware attacks since Apr 2020. These attacks netted him $14M worth of BTC, much of which has since grown in value. bit.ly/2NJigAj
1
2
0
4
Based on blockchain analysis, we also suspect Vachon-Desjardins was an affiliate for other strains such as Sodinokibi and Ragnar. The Reactor graphs below show his wallets receiving funds from those strains. bit.ly/2NJigAj
1
2
0
4
Chainalysis has labeled in our products the NetWalker victim payment addresses, and Chainalysis KYT and Kryptos customers with exposure to these addresses will receive alerts in real-time. bit.ly/2NJigAj
1
0
0
3
Want to learn more about ransomware? Sign up here to get our 2021 Crypto Crime Report, coming out this February. go.chainalysis.com/2021-Cryp… END OF THREAD
0
1
0
3