Alleged Ransomware Attacker Arrested
Table of Contents
- By David Lukic
- Published: Dec 15, 2021
- Last Updated: Mar 18, 2022
Canadian authorities have arrested a suspected ransomware attacker. The Ottawa, Ontario resident was arrested on suspicion of executing several ransomware attacks. It is also alleged that the individual conducted malware campaigns and other digital attacks.
Who is the Alleged Attacker?
Ontario Provincial Police have identified the supposed ransomware attacker. The man’s name is Matthew Philbert. Philbert, age 31, was arrested on November 30. Ontario Provincial Police are holding Philbert. His arrest results from a two-year investigation into ransomware and malware crimes. A separate indictment against Philbert in the United States was also unsealed earlier in the week.
Who did the Ransomware Attacker Target?
Authorities state the ransomware attacker zeroed in on victims throughout Canada, the United States, and possibly several other countries. Philbert’s targets included municipalities, businesses, and everyday people. The attacks froze and accessed information systems, infrastructure and data. Though Europol contributed to the investigation, authorities have not stated if Philbert attacked people or businesses in Europe. Ransomware attacks aim to freeze networks or computers until a ransom is paid. The requested ransom is usually paid in a cryptocurrency such as Bitcoin.
An Anchorage, Alaska, federal grand jury indicted Philbert in mid-September of 2020. This two-count indictment charged Philbert with conspiracy to commit computer fraud and computer fraud. The indictment was unsealed earlier this week following Philbert’s arrest. The indictment in Alaska accuses Philbert of participating in a criminal conspiracy to damage several State of Alaska computing systems with malware. The indictment also states Philbert conspired with other bad actors against the United States of America.
How were the Attacks Made?
Investigators state Philbert also targeted victims with phishing attacks and malspam. Philbert allegedly sent unsolicited messages, including virus-laden attachments. The victims opened those attachments, creating a pathway for Philbert to access their computers. Philbert allegedly monitored targets’ computing activities, used their web cameras, and stole their login credentials.
How did the Authorities Find out About the Digital Attacks?
The law enforcement investigation into Philbert’s ransomware and malware attacks is named Project Coda. The investigation started after the FBI launched a raid in the winter of 2020. The FBI notified the Ontario Provincial Police about the malware and ransomware attacks. The collaboration between these two groups set the stage for Philbert’s arrest in November of this year.
Canadian authorities performed an independent investigation, spearheaded by the Cyber Operations Section of the Ontario Provincial Police. The Cyber Operations section is a component of the overarching Criminal Investigation Branch. The Royal Canadian Mounted Police also played a part in the investigation, providing support through its National Cybercrime Coordination Unit. The European Union’s Europol law enforcement specialists also provided support.
What are the Specific Charges?
Canadian police announced Philbert has been formally charged with the unauthorized use of a computer, the possession of a device used to commit mischief, and criminal fraud. Authorities seized Philbert’s computing equipment, including external storage devices, a tablet, laptops, a bitcoin seed phrase, hard drives, and more.
