The FBI and the Justice Department unveiled warrants today charging 31-year-old Canadian Matthew Philbert with a variety of ransomware-related offenses.
On Tuesday, authorities from the Ontario Provincial Police made a public statement in Ottawa to disclose the charges and Philbert's arrest.
U.S. Attorney Bryan Wilson of the District of Alaska said in a statement that Philbert “conspired with others known and unknown to the United States to damage computers, and in the course of that conspiracy did damage a computer belonging to the State of Alaska in April 2018.”
Canadian officials received assistance from Dutch authorities and Europol in this case; Canadian authorities also charged Philbert, claiming that he was apprehended on November 30. Authorities did not specify which ransomware gang Philbert was a member of or which operations he is responsible for.
"Cybercriminals are opportunistic and will target any business or individual they identify as vulnerable," stated Deputy Commissioner Chuck Cox of the Ontario Provincial Police.
Philbert is charged with one count of conspiracy to commit fraud as well as another count of fraud and associated activities involving computers.
Cox stated during the press conference that the FBI alerted officials in Ontario over Philbert's activities, which also included ransomware cyberattacks on businesses, government entities, and individual citizens. Police further stated they were able to seize multiple laptops, hard drives, blank cards with magnetic stripes, as well as a Bitcoin seed phrase while Philbert was being arrested.
In January, authorities in Florida apprehended another Canadian individual concerning several Netwalker ransomware attacks. According to the DOJ, Sebastien Vachon-Desjardins made around $27.6 million through various ransomware attacks on Canadian companies such as the Northwest Territories Power Corporation, the College of Nurses of Ontario, and the Canadian tire business in British Columbia.
Some people believe that ransomware attacks originated in Russia or the Commonwealth of Independent States, according to Emsisoft risk analyst Brett Callow, a ransomware expert located in Canada.
Whereas the ransomware was "made" in certain countries, Callow pointed out that the people who use it to carry out attacks could be located elsewhere.
"In fact, there's so much money to be made from ransomware, it would be extremely surprising if individuals in countries like Canada, America, and the UK hadn't entered the market. Those individuals may, however, be sleeping a little less well at night than they used to. In the past, there was a near-zero chance of them being prosecuted for their crimes, but that's finally starting to change," Callow said.
