30-year-old Romanian hacker Daniel Christian Khul has been sentenced to 20 years in prison for large-scale cyber attacks using the Netwalker program-carrier program. The court also ordered him to pay almost $15 million as compensation and confiscated property in the amount of $21.5 million.
Among the confiscated property was the luxury resort complex under construction on the Indonesian island of Bali, which the hacker acquired using funds received through criminal activities. Khula pleaded guilty to conspiracy for computer fraud and electronic fraud in the US state of Florida.
The Netwalker program was used to launch attacks on hundreds of organizations around the world. Victims included hospitals, municipal institutions, law enforcement agencies, emergency services, schools, colleges, and universities.
It was particularly egregious that the hackers intentionally targeted medical institutions during the Covid-19 pandemic, exploiting the global crisis to extort money from vulnerable organizations.
According to the case file, Hulia, using the malicious program, made approximately 1595 bitcoins for himself and his accomplice, equivalent to about $21.5 million at the time of the crime.
Romanian law enforcement officers arrested Khul in the city of Klizh on July 11, 2023, at the request of American authorities. He was later extradited to the United States in accordance with the extradition treaty between the two countries.
In January 2021, law enforcement agencies in Bulgaria collaborated to dismantle the Netwalker infrastructure. Bulgarian authorities seized the server used to host the Netwalker portal on the dark net, while their American counterparts arrested a Canadian citizen suspected of receiving $27.6 million from affected companies. Additionally, US authorities seized around $455,000 in cryptocurrency believed to have been obtained from the last three victims of Netwalker.
The US authorities then revealed that at least 305 organizations in 27 countries had fallen victim to Netwalker, with 203 of them located in the USA. According to a report by McAfee in August 2020, Netwalker operators “earned” $25 million from March to July 2020, with this amount steadily increasing until the malicious infrastructure was dismantled.
Furthermore, in June 2022, Canadian Sebastian Vashon Dezharden pleaded guilty in an American