The Hunt For The Ransomware King of The Dark Web

Captions
On the morning of January 27th, 2021, a French Canadian man prepared for the day with his usual routine, consisting of a morning workout, shower and a cup of black coffee. In the years leading up to today, he would usually grab a briefcase and head to the office, where he worked providing IT support for his fellow Canadian government employees. Instead, due to the pandemic, he headed upstairs to his home office, where a computer awaited him with six monitors and two keyboards. But today there was something very different: noises outside, shouting, car doors slamming, a loud commotion for a quiet suburb in Quebec. As Sebastian looked out of the window, searching for the source of the disturbance, it all became quite clear. There, approaching his house like a swarm of tactically geared ants, were the Royal Canadian Mounted Police. They were coming to raid his house again, but this time, this time it would be the last.

"Hi, your files are encrypted by NetWalker. If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised."

In the year 2021, according to statistics, 20% of all cyber crimes were attributed to what we call ransomware. That is 623.3 million ransomware attacks per year, distributed across the globe, targeting both individuals and businesses regardless of size or importance. Ransomware refers to malicious software that blocks access to a computer system, usually demanding a payment in Bitcoin or another easily transferred digital currency to then unlock the system. Essentially, somebody gains access to your computer and restricts access to your files, often then combing through them for anything they can use to blackmail you with, and then offers you the opportunity to pay them for the trouble of not exposing that to the public. These leaks are often posted to
the dark web, sometimes bundled up as sales of data, often posted publicly just to punish those who would refuse to pay up. You might then ask: why? Why would they still post the information if there's nothing to be gained personally by the hackers? The answer is to scare future victims. If word got out that the threats of exposure were toothless, people would simply ignore the threats, have their hard drives reformatted, rebuild their system and declare the restricted files as lost forever. An inconvenience, but nothing too major. But if there was a certainty that banking documents, pictures, identity, credit card numbers and any other number of secrets kept on that hard drive would make their way to the hands of the shady underground internet referred to as the dark web, well, suddenly paying becomes much more attractive as a concept. After all, this would open them up to any number of other potential crimes.

And that goes just for individuals. But businesses, well, it's both more complicated as well as simpler. Now it's not just damages to themselves they need to worry about, but to that of their clients, partners, shareholders and more. Still, looking at the statistics, only around 10% of ransomware victims actually send a payment to unlock their files and to prevent them being posted. But 10% of hundreds of millions of attacks is still a substantial amount, resulting in ransomware being a multi-billion dollar business year on year, one of the most lucrative industries on the planet for cost versus profit. And of course, of those 10% who pay, it heavily skews towards companies, due to their willingness to trade short-term capital to avoid long-term damage. Realistically, this becomes a business decision: if a company refuses a few-thousand-dollar ransom, it can result in the loss of millions of dollars in restoring their lost service and data, let alone the reputational cost.

So now you know the business of ransomware, but what does an attacker usually look like? If you picture this in your head right now, you will
probably come up with a foreign national who is far removed from the consequences of such cyber crime. Maybe they're sitting in a hoodie in a dark room. The reality, however, is that the business of ransomware has been increasingly operating like a real company now for many years. They have customer support representatives all over the world for different languages. They have regular office jobs during the day to hide their activities by night. They can be your average everyday person: your boss, your brother, your coworker, your neighbor. And that's what makes the dark web and modern-day crime completely unpredictable. It's right there in plain sight and it's easily accessible, which is why in 2021, 66% of organizations reported being affected by ransomware in some way, which was an increase of 78% compared to 2020, an insane number that's only getting bigger as time goes on.

So what about how a ransomware attack happens? What does it look like? Well, this is what it looks like from a cyber security expert's perspective. In August 2020, Arthur keeps sa's home office in Vancouver. Arthur worked for a large real estate developer called Amicon. He was handling an email from an Amicon worker who was having trouble opening a network file. Luckily, Arthur managed to gain access to the system after using alternative methods, only to realize that the files on the system had been altered from .doc to random garbage. He quickly realized somebody had been in the system, and now when the files were opened, it instead opened a message from the hacker that read exactly what you heard at the beginning of this video: "Hi, your files are encrypted by NetWalker."

At this point the options for most people are very simple. You're faced with two of them, and this is how they play out. Option one: you follow the link provided, which takes you to a chat program on a dark web portal that was specifically designed to facilitate negotiations for payment. They tell you how much they want, you haggle, and then you pay the money to a
Bitcoin address, at which point they unlock your files and wish you a pleasant day. After all, for them this is simply business, no hard feelings. Option number two: you don't click the link, you don't negotiate, negotiations fail, or some other conclusion that results in the ransom not being paid. If you're an individual, your information is then posted online and you now run the risk of a whole number of other potential crimes: cyberstalking, harassment from other scammers who now have partial or full access to a whole dump of information about you, potentially your family. And if you're a business, well, you are now locked out of a bunch of files that you better have a backup for. Your systems need to be rebuilt, anything tied to your network no longer works, and you might be out for the count for days, weeks or months, depending on how centralized you kept things. You've also lost the respect, trust and potential business of your customers, and could quite literally go bust due to the combination of events.

That's why for businesses this comes down to a simple game of numbers: what would it cost to comply versus what would it cost to ignore? To pay up might cost them 1% of their yearly revenue, but to lose access to their files could cost them everything. For Arthur and Amicon, they didn't pay. Instead they relied on his expertise and safeguards to restore their data in a timely manner and continue as if nothing had happened. Within 72 hours, due to his precautions and knowledge, they were back up and running. No harm, no foul. Amicon, though, is the exception here. They are an outlier who were lucky to have Arthur and his preparation. Most companies spend close to 0 on cyber security, and even when they do, the damages often transcend that of finances.

What does that sentence mean? Well, if you look at the stats, one of the industries impacted most by ransomware is the health industry, which can mean delaying diagnosis and treatment of critically unwell patients, which means that there's not just dollar
value damages due to ransomware, but actual human life and risks of societal or civil unrest. A clear example of this is the SickKids hospital in Toronto, who lost access to most of their systems, phone lines, imaging results and more for multiple months, crippling their ability to provide care to sick children. This is one example, and the numbers speak for themselves of the scope: in 2021, just the US health industry was hit by $7.8 billion in damages in downtime alone.

Ransomware has become the bogeyman of modern cyber crime, and why? Because where previously it was individuals throwing out a little net hoping to catch a couple of small fishes, the industry has been taken over by Coca-Cola, Walmart, Microsoft and more. No, not those actual companies, just the scale of them. There are now businesses that are treating ransomware as a service. They have elevated what was a disorganized and niche crime into something far scarier and far larger. They've built tools, training, infrastructure, and they've recruited talented individuals. And in 2020 they found their most valuable asset to date: Sebastian.

Sebastian seemed on surface level a normal guy: respectable, in good shape and of course trustworthy. That is, if you didn't know his history, which it seemed nobody did. In 2015, at the age of 27, Sebastian was charged with 7 counts of possession for the purpose of trafficking drugs. In his house they found a locked room that contained 45 kg of marijuana, 60,00 000 methamphetamine tablets, 8,600 g of hash, 13,000 ecstasy pills and a money counting machine. Somehow this treasure trove of illegal substances and evidence of his dealing going back to 2012 or earlier only netted Sebastian 3 and a half years behind bars, of which he only served a handful of months. Somehow, even more bizarrely, this federal conviction didn't disqualify Sebastian for the job he gained in the Canadian government just one year later. In 2016 Sebastian was in gainful employment as an IT specialist for the Canadian Public Services. Now, did
prison and a government job stop the otherwise normal guy from his life of crime? No, of course not. During the day Sebastian went to the office and performed his IT responsibilities, and during the evening he continued to traffic narcotics. That is, until he was caught yet again in 2019. Despite that, he still didn't stop. He seemed determined to live a double life: one as a white-collar worker who no one would ever consider could be up to anything nefarious, and the other as a dark web crime kingpin. There was one lesson he did learn, though, and that was to put the physical act of hoarding narcotics behind him, instead answering an ad on the dark web that asked, "Do you want to participate in ransomware attacks?" To which he typed, "Yes."

Over the next month Sebastian worked with NetWalker to learn the tools of the trade: how to use their software, who to use it on, what to say when it worked, what to say when it didn't. You see, NetWalker was a serious organization. They had protocols, support staff, a hierarchy of management, training and of course guidelines. This wasn't some basement operation where anything goes. You have to comply with their rules, the most important of which was who exactly could become their victims.

NetWalker specifically focused on business instead of chaos. They didn't want to cast a wide net, risking exposure or capture for a very small percentage payout from individuals or small businesses. Instead they set sights on companies with a specific dollar value of yearly revenue. If a company didn't turn over more than $30 million per year in revenue, they were off the hook and ignored, even if access was guaranteed. NetWalker was not participating in ransomware to steal secrets or publish information for fun. They did this purely to make money, just like every other business on the planet, theirs of course blatantly more illegal. So why 30 million? Why that number? Well, they also had another rule: the initial ask for ransom would amount to 1% of the total revenue, meaning their floor
for payouts from each business was $300,000 each. Anything below that was deemed not worth their time. Why? Because by 2021 they had discovered the ugly and uncomfortable truth about how ransomware is owed to work. Companies of this size, they'd found, were more likely to pay up than to risk the embarrassment and disruption of their business, and would have the cash on hand to do so. Instead of wasting time arguing over tens of thousands of dollars with thousands of victims, they could simply target the whales and get a higher percentage conversion rate for a higher dollar value.

For this reason NetWalker very quickly made a name for themselves in the world of cyber crime. They were the ransomware company. People wanted to work with them. They had the best affiliates signing up. They were essentially printing money without performing any of the actual crime or leg work themselves. On top of that, they were originally a Russian-only organization, putting them far from the reaches of federal governments in the western world who would want to arrest them for the billions of dollars in yearly damages. This essentially made them insulated and printing money passively. After all, you could either play in the little leagues for pennies, or you could give NetWalker a big kickback and join the major leagues for the big bucks.

This is exactly where Sebastian found himself in April of 2020. His training had finished and he was ready to become a NetWalker, the next step in his criminal career. Very quickly Sebastian earned himself a reputation as being somewhat of a legend. The NetWalker organization was the cream of the crop. This was the big time, and Sebastian was their most valuable player by far. He was securing ransoms faster than any of the 100 or so other affiliates, gaining massive sums of Bitcoin in the process. He was so successful, in fact, that they convinced him to begin teaching courses of his success on the dark web, with classrooms full of aspiring cyber criminals. This guy was like the
Michael Jordan of ransomware. During one year of being an affiliate with NetWalker, Sebastian secured over half of their entire operational earnings. To put that in a dollar amount, in just one year he managed to single-handedly extort over $21.5 million, where NetWalker's entire operational earnings worldwide was 40 million in the same period.

But to anyone outside of Sebastian's world, nothing in this year changed at all. He wasn't making the same mistakes as many petty criminals who quickly come into vast wealth. There were no sports cars, Gucci flip-flops, Louis Vuitton bags or Richard Mille watches, no big houses, no models and no private jet pictures on Instagram. He was still driving his mundane car, living in his modest suburban house. It seemed as if he was treating the criminal enterprise as a high score on a Pac-Man machine, simply trying to reach the highest number he could, with no impulse to quit while ahead or splash the incredible sums of stolen wealth. In fact, if it wasn't for these simple mechanics of how crime works, Sebastian may never have been caught, due to how careful he was. But this is real life, and Sebastian was about to find out just how hard that statement hits.

Let's look at it like this. If you're a small-time nobody using your own software and stealing a few dollars here and there, sure, you're not in the big leagues, but you also have a singular point of failure, and that is you yourself. If you were to do everything perfectly, you would likely remain completely insulated for your entire career. But when working as essentially a franchised element of an organization like NetWalker, you are sitting atop a house of cards during a storm. You could do everything perfectly, but one slip-up from anybody else in the whole organization and you could be the one paying the price. Not just that, but everything you do is now amplified. You're earning huge sums of money, but you're also causing even larger sums of damages. You're shutting down oil companies, which is causing queues
at the pumps and increased prices. You're shutting down hospitals for sick kids. You're shutting down law firms and putting stress on the legal system. You are part of a group that has a brand name, who are being pointed at by the most powerful federal agencies on the planet. And unlike the owners of that brand name, who are hiding in Russia, Sebastian was in Canada, a stone's throw away from a federal prison cell. And little did he know, the cards beneath him were about to fall. While sleeping, Sebastian's life was about to change forever.

You see, the US government had found the weak link, and it was ironic: the stick that all ransomware operators were using to persuade their victims to pay up. That stick, of course, was the punishment blog operated by NetWalker, the website hosted on the dark web that acted as a treasure trove of data from those who decided not to negotiate with the hackers, a website that in a single 12-month period represented billions of dollars in damages with the information that they'd posted. But even dark websites have to be hosted somewhere, and it just so happens the FBI had discovered exactly where: a Bulgarian server, which was now scheduled to be taken down during a multifaceted operation that would see Sebastian in cuffs and the blog changed to a familiar sight for dark websites, a logo of the FBI and a notice of seizure.

On January 27th, 2021, this is exactly what happened. The NetWalker blog redirected to an FBI notice, and once that rock was lifted, the NetWalker operators scattered in every direction, their 100 or so affiliate members along with them. But right there, with a bright light shining on him, was the single most valuable member of the organization and the only one remaining to face the consequences. The Royal Canadian Mounted Police took him into custody, searching his home in the process. Within minutes they knew they had the right man: hundreds of thousands of dollars hidden across the house, keys to safety deposit boxes with hundreds of thousands of dollars
across multiple boxes, and of course dozens of laptops, computers and Bitcoin wallets containing over 790 Bitcoin, valued at the time of seizure at around $3 million Canadian dollars.

At this point the RCMP began their investigation, with an emphasis on finding Sebastian's Canadian victims and tracing his impact back to those attacks. And you know what they found? Well, they found that most of the companies that had been extorted for sometimes millions of dollars refused to help the investigation. Some of them outright refused to acknowledge any crime had been committed, or that they were even hacked at all. Why? Well, this goes back to why ransomware can exist as a concept. To use a crude analogy, this is why you don't negotiate with terrorists. If every single time a ransomware attack happened the company or the individual refused to pay, ransomware would cease to exist, as it then wouldn't be profitable to engage in, which would leave the criminals to find other things to do with their time that actually paid for that effort. The only way ransomware can exist is because somebody paid. At that point it became a business worth pursuing, which made it grow, which is a self-fulfilling prophecy.

What you discover as you deep dive into the murky waters of ransomware, though, is that most companies of a certain size will simply pay the ransom to avoid embarrassment, regulatory repercussions, loss of trust from customers or partners, and potential for larger damages. The difference between paying a $300,000 ransom or rebuilding your system without adequate backups could easily cost tens of millions of dollars in finances alone, let alone the damage to your business reputation, which may never recover. And regardless of whether they pay or not, many businesses do not wish to acknowledge that they were ever the victim of an attack in the first place, even if it means getting restitution in the process, which makes the statistics of reported ransomware attacks thought to be only a fraction of those that exist,
with some experts claiming around 95% simply go unreported.

So with all that in mind, what became of NetWalker and Sebastian in the end? After the seizure, NetWalker ceased operation, although since the masterminds of the operation were never caught, it's unlikely that they're gone for good. As for Sebastian, he cooperated with Canadian authorities, telling them everything he knew about how the ransomware world works, but refusing to give up any names or members of his organization. He pleaded guilty to extortion and other crimes, being sentenced to 7 years in prison during the Canadian trial. The United States had other plans, however. They extradited him to Florida, where the FBI task force had been situated, and proceeded to charge him again with the same crimes, which he also pleaded guilty to. The lawyers agreed to a 13 to 14 year sentence, which was the lowest they could go due to sentencing guidelines. The judge, however, did not agree. Instead he compared Sebastian to a modern-day Jesse James, using a computer instead of a gun to rob banks, pointing out the incredible damage he caused as well as the lack of mitigating circumstances surrounding his reasons to commit such crimes. After all, there was no discernible reason as to why he turned to a life of crime. He grew up normally, he was educated, parents were loving, money was never tight, jobs were never scarce, he was never lonely, he didn't use the money to live lavishly or anything like that, and there was no end in sight. It seemed like he did it all just to see if he could, which played a factor when the judge sentenced him to the maximum for the crimes, which was 20 years in federal custody.

And that is the takedown of NetWalker. Sebastian Vachon-Desjardins, the best NetWalker, but only 1% of the affiliate operation, a single person out of over 100 and never the mastermind. A man who was responsible for over $21.5 million of ransoms within a single year, who single-handedly infiltrated over 100 businesses across the United States and Canada, causing
hundreds of millions, potentially even billions, of dollars in damages for those who needed to rebuild in the aftermath of their refusal to pay. And yet hundreds of his students and those who recruited him are still out there, committing crimes we never see. They are never reported, and yet cost all of society all the same. In the final confession of Sebastian, he admitted that in the weeks leading up to his arrest he was helping NetWalker to create a new, bigger and better version of the ransomware, meaning if they're not already back, when they are, it could be worse than ever.
Info
Channel: KiraTV
Views: 535,972
Id: 8LY5XReHuYM
Length: 24min 2sec (1442 seconds)
Published: Fri Nov 03 2023