A Romanian national accused of conducting cyberattacks using the NetWalker ransomware has been sentenced to 20 years in prison in the United States, the Justice Department announced on Thursday.

In addition to the prison sentence, the man, 30-year-old Daniel Christian Hulea, has been ordered to pay nearly $15 million in restitution, and has been ordered to forfeit $21.5 million and his interests in an Indonesian luxury resort business that was funded using money obtained from the ransomware attacks.

Hulea was arrested in 2023 in Romania and was later extradited to the United States. He was accused of being a NetWalker ransomware affiliate — using the ransomware to target organizations from which he and a co-conspirator extorted more than 1,500 bitcoin (worth $21.5 million at the time of the payments). 

In June, the man pleaded guilty in a Florida court to computer fraud conspiracy and wire fraud conspiracy.

Hulea is the second individual to get a 20-year prison sentence in the US over NetWalker ransomware attacks. In 2022, Canadian national Sebastien Vachon-Desjardins received a similar sentence for his role in NetWalker attacks.

The NetWalker ransomware emerged in 2019 and was used to target hundreds of organizations around the world, including in the healthcare, law enforcement, education, emergency services, business, and local government sectors.

One of the victims was the University of California San Francisco (UCSF), which paid the cybercriminals over $1 million to recover from the incident. 

The NetWalker cybercrime operation was disrupted in 2021, when law enforcement in the US and Europe seized the dark web sites associated with the operation.

Related: Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US

Related: LockBit Ransomware Affiliate Sentenced to Prison in Canada

Related: LockBit Ransomware Mastermind Unmasked, Charged

Related: Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced