A former Canadian government employee has been sentenced to 20 years in prison for his role in a ransomware scheme that netted him more than $21 million.
Sebastien Vachon-Desjardins, a 34-year-old from Quebec, was sentenced in a Florida court on Tuesday after pleading guilty to charges related to his involvement in the prolific NetWalker ransomware-as-a-service (RaaS) operation. Vachon-Desjardins operated as an affiliate for NetWalker, where it is believed he conducted a number of U.S. companies and at least 17 Canadian entities.
Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, according to his LinkedIn profile, was previously arrested by Canadian police in January 2021 and sentenced to seven years in prison. During a search of his home, law enforcement officials discovered and seized 719 bitcoin, valued at about $17.6 million at the time of writing, and $790,000 in Canadian currency. Authorities in the U.S. and Belgium also seized the dark web site used by NetWalker to publish data stolen from victims.
In March, Vachon-Desjardins was extradited to the U.S. to face charges of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer.
Alongside a 20-year prison sentence — far higher than the 12-15 year prison term suggested by federal guidelines — the former NetWalker affiliate was also ordered to forfeit $21.5 million that was illicitly obtained from “dozens” of victims globally, including companies, municipalities, law enforcement, emergency services, school districts, colleges and universities. NetWalker also targeted numerous hospitals in the U.S. during the COVID-19 pandemic.
“The defendant in this case used sophisticated technological means to exploit hundreds of victims in numerous countries at the height of an international health crisis,” U.S. Attorney Roger B. Handberg for the Middle District of Florida said.
NetWalker, also known as “Mailto,” first surfaced in 2019 and has since been linked to several high-profile attacks. In June 2020, the group targeted the University of California San Francisco, which paid a ransom demand of more than $1 million. Three months later, NetWalker hit cyberthreat startup Cygilant. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Hackers leak 500GB trove of data stolen during LAUSD ransomware attack
