Nathan Francis Wyatt, 39, was sentenced after he pleaded guilty in federal court in St. Louis to conspiring to commit aggravated identity theft and computer fraud. He was also ordered to pay about $1.5 million in restitution.
Federal prosecutors said The Dark Overlord stole medical records, client files and personal information from the companies, then demanded between $75,000 and $300,000 worth of Bitcoin to return the information. None of the companies paid the ransom but the conspiracy did cost them because of the intrusion and release of data, federal prosecutor Laura Kathleen Bernstein said.
Wyatt set up a phone account and accounts on Twitter and PayPal that were used to communicate and receive money, she said. Wyatt apologized during the hearing, held via Zoom, saying that he was on medication for mental problems that led him to make bad decisions, The St. Louis Post-Dispatch reported.
“I can promise you that I’m out of that world,” he said, voice breaking. “I don’t want to see another computer for the rest of my life.” His lawyer, Brocca Morrison, noted that Wyatt did not orchestrate the hacks and is the only hacker who has been identified.
Bernstein said Wyatt’s actions helped the other hackers remain anonymous and that his phone account was used to send threatening text messages to relatives of victims. Wyatt was indicted in 2017, but he was not extradited to the U.S. until last year after British lawyers fought to keep him in that country.
He had served 14 months in a British prison after pleading guilty to 22 charges after he was accused of demanding money from the owner of a hacked computer and using stolen credit cards.