Canadian indicted for launching ransomware attacks on orgs in US, Canada

US officials have been investigating 31-year-old Canadian Matthew Philbert since 2018.
Written by Jonathan Greig, Contributor

The FBI and Justice Department unsealed indictments today leveling a number of charges against 31-year-old Canadian Matthew Philbert for his alleged involvement in several ransomware attacks. 

Officials from the Ontario Provincial Police held a press conference on Tuesday to announce the charges and Philbert's arrest in Ottawa.  

In a statement, US Attorney Bryan Wilson of the District of Alaska said Philbert "conspired with others known and unknown to the United States to damage computers, and in the course of that conspiracy did damage a computer belonging to the State of Alaska in April 2018." Wilson and Canadian officials noted that they received help in the case from Dutch authorities and Europol. 

Canadian officials also announced charges against Philbert, noting that he had been arrested on November 30. The officials did not say which ransomware group Philbert was part of or what attacks he was responsible for. 

"Cyber criminals are opportunistic and will target any business or individual they identify as vulnerable," said Ontario Provincial Police deputy commissioner Chuck Cox. 

Among the charges Philbert is facing are one count of conspiracy to commit fraud and another count of fraud and related activity in connection with computers.

During the press conference, Cox said the FBI contacted officials in Ontario about Philbert's activities, which included ransomware attacks on businesses, government agencies, and private citizens. 

As Philbert was being arrested, police said they were able to seize several laptops, hard drives, blank cards with magnetic stripes, and a Bitcoin seed phrase. 

In January, police in Florida arrested another Canadian citizen in connection with several attacks by the Netwalker ransomware group. The DOJ claimed Sebastien Vachon-Desjardins managed to make about $27.6 million through several ransomware attacks on Canadian organizations like the Northwest Territories Power Corporation, the College of Nurses of Ontario, and a Canadian tire store in B.C. 

Emsisoft threat analyst Brett Callow, a ransomware expert based in Canada, told ZDNet that most people assume that ransomware attacks originate from Russia or the Commonwealth of Independent States. 

While the ransomware may be "made" in those countries, Callow noted that the individuals who use it to carry out attacks can be based anywhere. 

"In fact, there's so much money to be made from ransomware, it would be extremely surprising if individuals in countries like Canada, America, and the UK hadn't entered the market. Those individuals may, however, be sleeping a little less well at night than they used to. In the past, there was a near-zero chance of them being prosecuted for their crimes, but that's finally starting to change," Callow said. 

Editorial standards