NetWalker Ransomware Affiliate Gets 20 Years In Prison
Read also: Top LockBit dev charged in US, faces extradition from Israel, two scammers charged in $22 million NFT fraud scheme, and more.
Thursday, December 26, 2024
NetWalker ransomware affiliate sentenced to 20 years in prison
A Romanian man has been sentenced to 20 years in a US prison for his role in the notorious NetWalker ransomware attacks. In addition, Daniel Christian Hulea has to forfeit $21.5 million in illicit proceeds and hand over his stake in an Indonesian business venture linked to a luxury resort property under construction in Bali. The man has to pay almost $15 million in restitution to his victims.
Hulea was apprehended in Cluj on July 11, 2023, on a request from US authorities. He addmitted on June 20 to charges of computer fraud conspiracy and wire fraud conspiracy.
According to court documents, he confessed to having participated in a sophisticated ransomware operation that has targeted multiple victims worldwide, including critical entities such as hospitals, law enforcement agencies, and educational organizations.
Hulea’s role in the NetWalker scheme involved using ransomware to extort approximately 1,595 bitcoin, valued at around $21.5 million at the time of the payments. The funds were funneled into various ventures, including the financing of the luxury resort property in Bali.
Alleged LockBit dev charged in the US, faces extradition from Israel
The US has charged Rostislav Panev, a dual Russian and Israeli citizen, for his role as a developer for the LockBit ransomware group. Panev was apprehended in Israel in August and awaits extradition to the US.
According to authorities, Panev worked with LockBit from its inception in 2019 until February 2024. LockBit targeted over 2,500 victims across 120 countries, extorting more than $500 million and causing billions in damages.
Panev allegedly designed LockBit's malware and maintained its infrastructure, allowing affiliates to customize ransomware for specific attacks. Evidence from Panev’s computer revealed access to LockBit’s Dark Web repositories, control panels, and tools like ‘StealBit,’ used to siphon stolen data.
Court documents further indicate Panev received over $230,000 in cryptocurrency for his work, including creating malware to disable antivirus software and distribute ransom notes across networks. Panev admitted to Israeli authorities that he developed and maintained LockBit's malware and provided technical guidance to the group.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
Two scammers charged in $22 million NFT fraud scheme
Two US residents, Gabriel Hay and Gavin Mayo, have been charged in what authorities are calling the largest NFT fraud scheme prosecuted to date. The indictment says the pair allegedly defrauded investors of over $22 million in cryptocurrency through a series of so-called “rug pulls,” a scheme where creators ask for funds for digital asset projects and abruptly abandon them, keeping the investors' money.
Between May 2021 and May 2024, Hay and Mayo allegedly launched multiple NFT and digital asset projects, promoting them with false claims and misleading “roadmaps.”
In one instance, Hay and Mayo promoted a project as the “first NFT project to be pegged to a hard asset,” a claim investigators say was entirely fabricated. When a project manager exposed their involvement, the pair allegedly launched a harassment campaign against him and his family.
Both men were arrested in Los Angeles. They face charges including conspiracy to commit wire fraud, wire fraud, and stalking. If convicted, each could face up to 20 years in prison for wire fraud, and up to five years for stalking.
A massive tech scam network that siphoned €1M dismantled in Spain
A coordinated operation by Spanish law enforcement agencies has neutralized a sophisticated scam network, leading to the arrest of 23 individuals accused of fraud, drug trafficking, money laundering, and involvement in a criminal organization.
Based in Manlleu, Osona, the group defrauded over 1,200 victims nationwide, stealing more than €1 million in six months. The suspects used advanced phishing techniques—smishing, phishing, and vishing—to impersonate banks and steal sensitive information, often emptying victims’ accounts. The network primarily operated from Osona but withdrew stolen funds in Barcelona, Girona, and other regions to evade detection.
The investigation began in October 2023 after numerous complaints about cyber scams. Authorities executed two major operations in March and in November 2024.
The March operation resulted in the arrest of 18 suspects and the seizure of mobile phones, cryptocurrency devices, weapons, €50,660 in cash, and other evidence. In November, authorities apprehended five key members of the group.
A Brazilian hacker charged for extortion, selling data from breached computers
A Brazilian citizen has been indicted by US authorities for cyber extortion after allegedly stealing confidential customer data from the Brazilian subsidiary of a US-based company and demanding millions in bitcoin to keep the data private.
The indictment alleges that Junior Barros De Oliveira hacked the computer systems of the subsidiary in March 2020 and obtained sensitive customer data for approximately 300,000 individuals. In September 2020, De Oliveira allegedly began contacting US representatives of the company, including its CEO, demanding over $3 million in bitcoin in exchange for keeping the stolen data confidential.
De Oliveira was charged with eight federal counts, including extortionate threats and threatening communications. Each count of making extortionate threats involving information obtained from protected computers carries a maximum penalty of five years in prison and a $250,000 fine or twice the financial loss or gain, whichever is greater. Additionally, each count of threatening communications carries a maximum sentence of two years in prison and a similar fine.
If convicted on all charges, De Oliveira could face a total of up to 28 years in prison and significant financial penalties.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
