Taking down a ransomware hacker
In January 2021, following his third arrest by Simard, this time on behalf of the FBI for alleged ransomware crimes in the United States, Vachon-Desjardins was taken to the Hull detention facility in Gatineau to await extradition.
He applied for bail in May. In his application, he said he was still employed by the federal government, but that his security clearance had been suspended pending an investigation by PSPC.
PSPC told The Fifth Estate in an email that “as of Jan. 13, 2021, Mr. Vachon-Desjardins was no longer a PSPC employee,” but would not confirm whether Vachon-Desjardins quit or was fired, citing privacy reasons.
It also said it “took swift action to safeguard PSPC’s employees, information and assets” once PSPC was made aware of “adverse” information, and following an internal investigation, it found no evidence of a security breach or compromise to government information or assets.
Before Vachon-Desjardins could be extradited, his pending drug charges and the RCMP’s ransomware case in Canada needed to be resolved.
“Once we had his actual devices, we were able to get a far more clear picture of what he was doing. We were able to see, sort of with more clarity, the number of victims that he was victimizing,” said Gammons.
The RCMP discovered some of those victims included Canadian educational institutions and businesses.
Investigators reached out to some victims they had identified, including Amacon, a real estate development firm in Vancouver that had been attacked in August 2020.
“We had kept good logs and we were able to provide them IP addresses and timestamps, access logs, scope, and we were able to tie all of that together, working together with the RCMP to try to help put together a charge,” said Arthur Keech, the firm’s IT manager.
Amacon didn’t pay the $10,000 ransom.
“I have a very strong position that you should never communicate or sort of consider any ransom with these individuals,” said Keech