According to a recent federal indictment, a 31-year-old Canadian resident has been accused of ransomware attacks on companies in the United States and Canada. Matthew Philbert of Ottawa was active in many cyberattacks, as per parallel investigations by the Ontario Provincial Police (OPP) and the Federal Bureau of Investigation.
Philbert was apprehended on November 30, 2021, due to an investigation started in January 2020, when the FBI alerted the OPP about cyber activities occurring in Canada. Per accusation, Philbert targeted at least ten computers belonging to a healthcare company in the District of Alaska between April and May 2018.
According to the indictment, the defendant failed to install ransomware on the victim’s computers, which would have harmed the “medical examination, diagnosis, treatment, and care” of several people. In search of allegations of cyberattacks on healthcare-related institutions throughout the time specified in the indictment, a breach notification from the state’s Department of Health and Social Services was discovered.
The hack, which was traced back to April 26, resulted in the exposure of more than 500 people’s personal information. Ransomware is usually used towards the end of an attack once the attackers have selected which systems to encrypt.
Despite the similarities in specifics, it’s impossible to say whether the unsuccessful ransomware attempt described in Philbert’s case is the same as the one described in the Alaska Department of Health and Social Services’ breach notification. Although Philbert’s charge in the United States highlighted failed ransomware operations, the Ontario Provincial Police investigation found that the defendant carried out “multiple ransomware operations” in Canada, affecting private enterprises and government entities.
Philbert is accused in the United States with one count of conspiracy to conduct fraud and associated behavior involving computers, as well as one count of fraud and related action involving computers. The defendant is accused of possessing a device to get unauthorized access to a computer system or to commit mischief, fraud, and unlawful use of a computer in Canada.
Police in Canada confiscated desktop and laptop computers, a tablet, several storage devices, mobile phones, the seed phrase for a Bitcoin wallet, and blank cards with magnetic strips following Philbert’s arrest. The OPP got help from the Royal Canadian Mounted Police’s National Cybercrime Coordination Unit (NC3) and Europol throughout its investigation, indicating that Philbert may have been engaged in ransomware attacks outside of the United States and Canada.