A Canadian man who played part in ransomware attacks on hospitals, government agencies, and businesses was sentenced to 20 years in prison and ordered to forfeit the $21.5 million U.S. investigators said he received from his hundreds of victims.

Sebastien Vachon-Desjardins, of Quebec, was involved with an international cybercrime group that since 2019 deployed NetWalker ransomware to lock up crucial computer systems of hospitals and other health entities, manufacturers, businesses, universities, and government agencies across the United States, Europe, and Asia Pacific until ransoms were paid, according to the Department of Justice (DOJ).

Vachon-Desjardins was indicted in December 2020 in U.S. District Court for the Middle District of Florida for his role in a ransomware attack and extortion of an unnamed company in Tampa, Fla., in May 2020. He pleaded guilty to one count each of conspiracy to commit computer fraud, conspiracy to commit wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.