{"id":35518,"date":"2021-01-28T14:46:11","date_gmt":"2021-01-28T12:46:11","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=35518"},"modified":"2025-08-29T01:41:07","modified_gmt":"2025-08-28T22:41:07","slug":"us-and-bulgarian-authorities-report-successful-operation-against-netwalker-ransomware","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/us-and-bulgarian-authorities-report-successful-operation-against-netwalker-ransomware\/","title":{"rendered":"US and Bulgarian authorities report successful operation against NetWalker ransomware"},"content":{"rendered":"<p>US authorities, together with Bulgarian law enforcement, conducted an operation aimed at disrupting the NetWalker ransomware.<!--more--><\/p>\n<p>\\n<\/p>\n<blockquote class=\\\"twitter-tweet\\\"><p>\\n<\/p>\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">Department of Justice Launches Global Action Against NetWalker Ransomware<a href=\\\"https:\/\/t.co\/T18MDI8v1x\\\">https:\/\/t.co\/T18MDI8v1x<\/a> <a href=\\\"https:\/\/t.co\/1L1gcIrsCK\\\">pic.twitter.com\/1L1gcIrsCK<\/a><\/p>\n<p>\\n<\/p>\n<p>\u2014 Justice Department (@TheJusticeDept) <a href=\\\"https:\/\/twitter.com\/TheJusticeDept\/status\/1354510039059410948?ref_src=twsrc%5Etfw\\\">January 27, 2021<\/a><\/p>\n<\/blockquote>\n<p>\\n<\/p>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>\\n<\/p>\n<p>As stated by the US Department of Justice, NetWalker operates under a Ransomware-as-a-service (RaaS) model \u2014 developers provide access to the malware to affiliates who attack victims.<\/p>\n<p>\\n<\/p>\n<p>During the investigation, authorities charged a Canadian national. Thanks to attacks using NetWalker he received at least $27.6 million. Since April 2020 the defendant was linked to at least 91 NetWalker attacks, according to investigators.<\/p>\n<p>\\n<\/p>\n<p>Authorities also seized $454,530 in cryptocurrency. This amount comprises ransoms paid by three NetWalker victims.<\/p>\n<p>\\n<\/p>\n<p>Additionally, Bulgarian authorities seized a hidden resource on the dark web that NetWalker criminals used to contact victims.<\/p>\n<p>\\n<\/p>\n<p>According to Chainalysis, which aided authorities in the investigation, the hackers received more than $46 million in ransom from their numerous victims.<\/p>\n<p>\\n<\/p>\n<blockquote class=\\\"twitter-tweet\\\"><p>\\n<\/p>\n<p dir=\\\"ltr\\\" lang=\\\"en\\\">We\u2019re proud to announce that Chainalysis played a role in today\u2019s disruption of the Netwalker ransomware organization and arrest of a key affiliate. Get the details and see the blockchain analysis here! <a href=\\\"https:\/\/t.co\/mrJNiqOY7V\\\">https:\/\/t.co\/mrJNiqOY7V<\/a><\/p>\n<p>\\n<\/p>\n<p>\u2014 Chainalysis (@chainalysis) <a href=\\\"https:\/\/twitter.com\/chainalysis\/status\/1354512564244402180?ref_src=twsrc%5Etfw\\\">January 27, 2021<\/a><\/p>\n<\/blockquote>\n<p>\\n<\/p>\n<p><script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>\\n<\/p>\n<p>NetWalker attacks affected no fewer than 305 victims across 27 countries, including 203 residents of the United States. Among them were private companies, government agencies, hospitals and educational institutions.<\/p>\n<p>\\n<\/p>\n<div id=\\\"attachment_123311\\\" style=\\\"width: 830px\\\" class=\\\"wp-caption aligncenter\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" aria-describedby=\\\"caption-attachment-123311\\\" class=\\\"wp-image-123311\\\" src=\\\"https:\/\/forklog.com\/wp-content\/uploads\/Screenshot_247-300x201.png\\\" alt=\\\"US and Bulgarian authorities report successful operation against NetWalker ransomware\\\" width=\\\"820\\\" height=\\\"550\\\" srcset=\\\"https:\/\/forklog.com\/wp-content\/uploads\/Screenshot_247-300x201.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/Screenshot_247-768x515.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/Screenshot_247.png 975w\\\" sizes=\\\"auto, (max-width: 820px) 100vw, 820px\\\" \/><\/p>\n<p id=\\\"caption-attachment-123311\\\" class=\\\"wp-caption-text\\\">Data: <a href=\\\"https:\/\/blog.chainalysis.com\/reports\/netwalker-ransomware-disruption-arrest\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\">Chainalysis<\/a><\/p>\n<\/div>\n<p>\\n<\/p>\n<p><span style=\\\"font-weight: 400;\\\">NetWalker hackers attacked<\/span> <span style=\\\"font-weight: 400;\\\">the University of California<\/span> <span style=\\\"font-weight: 400;\\\">and <a href=\"https:\/\/forklog.com\/en\/news\/bitcoin-extortionists-attack-argentinas-immigration-service\">National Migration Service of Argentina<\/a>.<\/span><\/p>\n<p>\\n<\/p>\n<p><span style=\\\"font-weight: 400;\\\">In 2020, Netwalker was among <a href=\"https:\/\/forklog.com\/en\/news\/cybersecurity-experts-report-a-rise-in-ransomware-attacks\">the most widespread ransomware<\/a>.<\/span><\/p>\n<p>\\n<\/p>\n<p>Subscribe to ForkLog news on Telegram: <a href=\\\"https:\/\/t.me\/forklogfeed\\\" target=\\\"_blank\\\" rel=\\\"nofollow noopener noreferrer\\\">ForkLog Feed<\/a> \u2014 the full news feed, <a href=\\\"https:\/\/telegram.me\/forklog\\\" target=\\\"_blank\\\" rel=\\\"nofollow noopener noreferrer\\\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>US authorities, together with Bulgarian law enforcement, conducted an operation aimed at disrupting NetWalker ransomware.<\/p>\n","protected":false},"author":1,"featured_media":35519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[296,1154,26],"class_list":["post-35518","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bulgaria","tag-crimes","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"19","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=35518"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35518\/revisions"}],"predecessor-version":[{"id":35520,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35518\/revisions\/35520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/35519"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=35518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=35518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=35518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}