Canadian man charged with ransomware attacks in Alaska and Canada

A Canadian man is facing charges in both Canada and the U.S. after being accused of conducting a series of ransomware attacks.

Ontario Provisional Police announced earlier this week that Matthew Philbert had been linked to cyberattacks against individuals, business and government agencies in Canada.

The 31-year-old was also indicted in the state of Alaska and charged with two computer-related offences, according to a statement from the U.S. Attorney’s Office for the District of Alaska.

Philbert has been charged with fraud, unauthorized use of a computer and possession of a device to obtain unauthorized use of a computer system or to commit mischief.

Police also seized computers, hard drives, cell phones, blank cards with magnetic stripes and a master password for a Bitcoin wallet.

How did he get caught?

One of the many regularly cited adages of cybercrime is that attackers rarely get prosecuted for their actions. It’s simply much too difficult to identify perpetrators, and there are so many attacks conducted that the vast majority aren’t even investigated.

So what led to the identification and arrest of Matthew Philbert?

It began with a cyber attack in 2018. No specific details were given about the incident, but Detective Inspector Matt Watson of the Ontario Provincial Police’s Criminal Investigation Branch told journalists that Philbert targeted individuals whose home computers were compromised, as well as small and mid-sized businesses.

The Ottawa Citizen newspaper added that Philbert’s attacks involved phishing emails that contained infected attachments.

This is a common method of delivering ransomware. The malware will often be hidden in macros in a Microsoft Office file. When the recipient opens the document, they will be prompted to enable macros, which unleashes the ransomware onto their system, where it then spreads across the network.

In addition to ransomware, Philbert used malware that enabled him to access web camera footage, steal passwords and make fraudulent banking transactions.

The Canadian’s attacks soon reached the attention of the Ontario Provincial Police, although it didn’t cite any specific victims, and spawned a 23-month investigation that involved the Canadian Royal Mounted Police, the FBI and Europol.

Philbert was arrested on 30 November and remains in custody.

Acting U.S. Attorney Bryan Wilson of the District of Alaska said the investigation and arrest “is a great example of the importance of international partnerships to combat the evolving and growing threat of cybercrimes.”

He added: “Cybercriminals are a dangerous threat and together with our law enforcement partners, we will use all our available resources to bring cybercriminals who target Alaskans to justice, wherever they are.”

newsletter sign-up