Canadian charged for launching ransomware attacks on targets in Canada and the US

An Ottawa man has been charged for his alleged involvement in several ransomware attacks on targets based in Canada and the United States.


On Tuesday, officials from the Ontario Provincial Police held a press conference, unsealing indictments after almost two years of investigation, which led to the arrest of 31-years-old Canadian Matthew Philbert.

The investigation was initiated when the Federal Bureau of Investigation reached out to Ontario Provincial Police back in January 2020 about rising ransomware attacks in Canada.

Officials say they found one person guilty of executing numerous ransomware attacks on businesses, government agencies, and private individuals across Canada, along with other cyber-related offenses in the U.S.

In a statement, US attorney Bryan Wilson of the District of Alaska said Philbert “conspired with others known and unknown to the United States to damage computers, and in the course of that conspiracy did damage a computer belonging to the State of Alaska in April 2018.” Wilson and Canadian officials state that they have also been assisted by Dutch authorities and Europol in this case.

Canadian law enforcement authorities also announced charges against Philbert, stating that he had been apprehended on November 30. However, they did not disclose which ransomware group Philbert was part of and what attacks he was responsible for.

“Cybercriminals are opportunistic and will target any business or individual they identify as vulnerable,” said Ontario Provincial Police deputy commissioner Chuck Cox.

Philbert is currently facing one count of conspiracy to commit fraud and offenses related to computers and one count of fraud and related offenses in connection with computers.

The officials say they seized evidence, including laptops and desktops, tablets, hard drives and mobile phones, Bitcoin seed phrases, and blank cards with magnetic stripes.

The 31-year-old accused is currently being held in custody pending further court appearances, police noted.

“Cybercriminals are opportunistic and will target any business or individual they identify as vulnerable.” OPP deputy commissioner Chuck Cox said in a press release. “The OPP continues to demonstrate its ability to seamlessly collaborate on integrated police investigations to combat cybercrimes and other illegal activities.”

It is commonly assumed that ransomware attacks usually originate from Russia or other Commonwealth of Independent States. While the ransomware may be “created” in those countries, experts believe that the individuals who use it to execute attacks can be from anywhere.