{
	"id": "4d9a311e-a1b3-4817-b63c-23d6e0be6fb3",
	"created_at": "2026-04-06T00:20:01.401636Z",
	"updated_at": "2026-04-10T13:12:00.544136Z",
	"deleted_at": null,
	"sha1_hash": "0caf579d9d928da1f971c778a96703d904aa6f9d",
	"title": "Romanian Netwalker ransomware affiliate sentenced to 20 years in prison",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1647089,
	"plain_text": "Romanian Netwalker ransomware affiliate sentenced to 20 years in\r\nprison\r\nBy Sergiu Gatlan\r\nPublished: 2024-12-20 · Archived: 2026-04-05 19:48:13 UTC\r\nDaniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to\r\n20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June.\r\nHulea was extradited to the United States after being arrested by Romanian police in Cluj in July 2023 at a request from\r\nU.S. law enforcement authorities.\r\nAccording to court documents, Hulea admitted to participating in a conspiracy to use NetWalker ransomware. Affiliates of\r\nthe NetWalker cybercrime gang have deployed this malware in attacks against hundreds of victims worldwide, including\r\nhospitals, law enforcement, emergency services, companies, municipalities, school districts, colleges, and universities.\r\nhttps://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe group's attacks have also taken advantage of the global crisis triggered by the COVID-19 pandemic to target healthcare\r\norganizations and extort victims.\r\nAs part of his plea agreement, Hulea said he obtained approximately 1,595 bitcoins from NetWalker ransomware victims for\r\nhimself and a co-conspirator, worth roughly $21.5 million at the time of the ransom payments.\r\nIn addition to his 20 years in prison, he was ordered to pay $14,991,580.01 in restitution and forfeit $21,500,000. He must\r\nalso relinquish his interests in an Indonesian company and a luxury resort property currently under construction in Bali,\r\nIndonesia, financed using proceeds from the ransomware attacks.\r\nTwo years ago, in October 2022, the United States also sentenced Canadian man Sebastien Vachon-Desjardins to 20 years in\r\nprison, another Netwalker ransomware affiliate who orchestrated attacks on multiple U.S. companies and at least 17\r\nCanadian entities, leading to tens of millions in dollars.\r\nWhen the U.S. DOJ charged Desjardins on January 27th, 2021, an international law enforcement operation also seized all\r\nNetwalker websites, including their Tor payment and data leak sites.\r\nNetwalker ransomware leak site (BleepingComputer)\r\nNetwalker was a Ransomware-as-a-Service (RaaS) operation active since 2019 that recruited affiliates to deploy the\r\nransomware for a 60-75% share of all ransom payments.\r\nAccording to an August 2020 report, the threat actors involved in the cybercrime group collected $25 million from\r\nvictims within just five months.\r\nDuring the attacks, the ransomware affiliates stole data from compromised systems and encrypted the devices. They then\r\nasked victims to pay ransoms ranging from hundreds of thousands to millions of dollars to recover files and prevent their\r\nstolen data from being leaked online.\r\nEarlier this year, security researchers analyzing Alpha ransomware payloads and modus operandi in February found strong\r\nlinks with the now-defunct Netwalker ransomware operation, hinting at the Netwalker code repurposed for new attacks by\r\nother threat actors or a NetWalker rebrand.\r\nhttps://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/\r\nhttps://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/"
	],
	"report_names": [
		"romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison"
	],
	"threat_actors": [],
	"ts_created_at": 1775434801,
	"ts_updated_at": 1775826720,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0caf579d9d928da1f971c778a96703d904aa6f9d.pdf",
		"text": "https://archive.orkl.eu/0caf579d9d928da1f971c778a96703d904aa6f9d.txt",
		"img": "https://archive.orkl.eu/0caf579d9d928da1f971c778a96703d904aa6f9d.jpg"
	}
}