The U.S. Department of Justice charged Sebastien Vachon-Desjardins in January 2021, who allegedly obtained over $27.6 million from NetWalker-related offenses.

Court documents indicate that Hulea participated in a conspiracy that targeted various entities globally, including companies, municipalities, hospitals, and educational institutions.

The FBI issued a security alert in August 2020 regarding NetWalker ransomware attacks targeting both U.S. and foreign government organizations.

Daniel Christian Hulea, a Romanian national, has been sentenced to 20 years in prison for his involvement in the NetWalker ransomware attacks after pleading guilty to computer and wire fraud conspiracies in June 2023.

Hulea admitted to obtaining approximately 1,595 bitcoins from ransomware victims, which was valued at around $21.5 million at the time.

He was arrested by Romanian authorities in July 2023 and subsequently extradited to the United States under the U.S.-Romania extradition treaty.

Notable victims of NetWalker include the University of California San Francisco, which paid over $1 million to recover from a ransomware incident, as well as K-Electric and Argentina's immigration agency.

In January 2021, law enforcement agencies in the U.S. and Europe seized dark web sites associated with NetWalker, marking a significant disruption in their operations.

In addition to his prison sentence, Hulea was ordered to pay nearly $15 million in restitution and forfeit $21.5 million, along with relinquishing interests in an Indonesian company and a luxury resort in Bali financed by ransomware proceeds.

NetWalker ransomware, operational since 2019, has primarily targeted the healthcare sector, exploiting vulnerabilities during the COVID-19 pandemic to extort funds.

The ransomware group utilized a Ransomware-as-a-Service (RaaS) model, sharing 60-75% of ransom payments with affiliates, and reportedly collected $25 million from victims in just five months in 2020.

Ransomware affiliates employed data theft and encryption tactics, demanding ransoms ranging from hundreds of thousands to millions of dollars to restore access and prevent data leaks.