A Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, after pleading guilty to fraud charges in June.

Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in [NetWalker](https://securityaffairs.com/107987/malware/netwalker-ransomware-argentina-immigration-agency.html) ransomware attacks. Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare organizations during [COVID-19](https://securityaffairs.com/113944/cyber-crime/netwalker-ransowmare-dismantled.html). The man admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments.

*‘A Romanian man was sentenced today for his role in the NetWalker ransomware attacks to 20 years in prison and ordered to forfeit $21,500,000 and his interests in an Indonesian limited liability company and associated luxury resort property under construction in Bali, Indonesia — a business venture he financed with proceeds from the attacks.’ reads the [**press release**](https://www.justice.gov/opa/pr/romanian-national-sentenced-20-years-prison-connection-netwalker-ransomware-attacks) published by DoJ. ‘He was also ordered to pay $14,991,580.01 in restitution.’*

Romanian authorities arrested Daniel Hulea on July 11, 2023, in Cluj, and extradited him to the U.S. under the U.S.-Romania extradition treaty.

The NetWalker ransomware group has been active since 2019 and operated under the [Ransomware-as-a-Service](https://securityaffairs.co/wordpress/106737/cyber-crime/netwalker-ransomware-25m.html) (RaaS) model.

The group's list of victims is long. It includes Pakistan’s largest private power company [K-Electric](https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html), [Argentina’s official immigration agency, Dirección Nacional de Migraciones](https://securityaffairs.co/wordpress/107987/malware/netwalker-ransomware-argentina-immigration-agency.html), and the [University of California San Francisco (UCSF)](https://securityaffairs.co/wordpress/105361/cyber-crime/ucsf-paid-ransom.html), which paid a $1.14 million ransom to recover its files.

In August 2020, the FBI [issued a security alert](https://securityaffairs.co/wordpress/106671/cyber-crime/fbi-warns-netwalker-ransomware-attacks.html) about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

NetWalker is also believed to have been responsible for compromising the network of the University of California San Francisco (UCSF), which [paid over $1 million](https://www.securityweek.com/ucsf-pays-cybercriminals-114-million-recover-files-after-ransomware-attack) to recover from the incident. In July, the FBI warned of NetWalker attacks [targeting government organizations](https://www.securityweek.com/fbi-warns-netwalker-ransomware-targeting-businesses).

The Department of Justice also brought charges against the Canadian national Sebastien Vachon-Desjardins in relation to NetWalker ransomware attacks. He is alleged to have obtained at least over $27.6 million as a result of the offenses charged in the indictment. Law enforcement also seized $454,530.19 in cryptocurrency obtained from ransom payments.

In January 2021, law enforcement authorities in the U.S. and Europe [**seized the dark web sites**](https://securityaffairs.com/113944/cyber-crime/netwalker-ransowmare-dismantled.html) used by [NetWalker ransomware](https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html) operators. The authorities also charged a Canadian national involved in the [NetWalker](https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html) ransomware operations.

*‘The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.’ reads the [press release](https://www.justice.gov/opa/pr/department-justice-launches-global-action-against-netwalker-ransomware) published by DoJ.*

*‘NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.’*

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559) **(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, ransomware)**

Related Tags:
NAICS: 62 – Health Care And Social Assistance
NAICS: 623 – Nursing And Residential Care Facilities
NAICS: 221 – Utilities
NAICS: 92 – Public Administration
NAICS: 22 – Utilities
NAICS: 922 – Justice, Public Order, Safety Activities
Netwalker
Blog: Security Affairs
Data Encrypted for Impact