Daniel Christian Hulea, a Romanian hacker involved in the notorious NetWalker ransomware scheme, has been sentenced to 20 years in prison for his role in cybercrimes that impacted victims worldwide. Hulea pleaded guilty to computer fraud and wire fraud conspiracy charges in June 2024. He was arrested by Romanian authorities in July 2023 and later extradited to the United States to face charges. The NetWalker ransomware group, of which Hulea was an affiliate, deployed attacks against various organizations, including hospitals, law enforcement agencies, and businesses, exploiting the global COVID-19 crisis to target healthcare providers and other vulnerable entities.
As part of his plea agreement, Hulea admitted to obtaining approximately 1,595 bitcoins, valued at around $21.5 million at the time, from victims of the NetWalker ransomware attacks. This ransomware-as-a-service (RaaS) operation saw affiliates like Hulea deploy the malicious software to extort ransom payments from compromised victims. The ransomware would encrypt sensitive files and demand hefty sums for their decryption, often accompanied by threats to leak stolen data. Hulea’s involvement significantly contributed to the millions of dollars stolen by the group over the course of its operation.
Along with his prison sentence, Hulea was ordered to pay $14,991,580.01 in restitution to victims and forfeit assets worth $21.5 million, including interests in a luxury resort property in Bali, Indonesia, which was financed with the proceeds of the ransomware attacks. This substantial financial penalty reflects the severity of his crimes and the widespread impact of the NetWalker attacks on global businesses and institutions. Additionally, Hulea must relinquish his interests in an Indonesian company linked to his criminal activities.
The sentencing of Hulea follows the 2022 conviction of Canadian affiliate Sebastien Vachon-Desjardins, who was also sentenced to 20 years for his involvement in orchestrating multiple NetWalker attacks. The group’s extensive operation, which began in 2019, was dismantled after a coordinated international law enforcement effort seized its websites and payment platforms in 2021. While the NetWalker operation is no longer active, researchers have found connections between its code and other ransomware strains, indicating that the group’s methods may continue to influence cybercriminal activities.