A Canadian man is accused of masterminding ransomware attacks that caused “damage” to systems belonging to the US state of Alaska.
A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was concurrently charged by the Canadian authorities with a number of other criminal offences. US prosecutors claimed he carried out “cyber related offences” – including a specific 2018 attack on a computer in Alaska.
The Canadian Broadcasting Corporation reported that Philbert was charged after a 23-month investigation “that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol.”
Detective Inspector Matt Watson of the Ontario Provincial Police’s Criminal Investigation Branch told Canadian journalists: “We had individuals, just individuals whose home computers were compromised. We had small, medium-sized businesses. Many of these businesses were just hanging on by their fingernails through COVID and then they get hit with a very expensive ransomware demand. That’s pretty tough.”
The Ottawa Citizen newspaper added that Philbert’s alleged modus operandi was “sending spam emails with infected attachments.”
He is said to have become a suspect after the FBI contacted their Canadian counterparts following ransomware attacks in Alaska.
No specific details of the 2018 attack that prosecutors linked to Philbert were given. Canada’s justice system is similar to the UK’s, where precise details don’t generally enter the public domain until read out in court.
American prosecutors charged the Ottawa man with one count of conspiracy to commit fraud and related activity in connection with computers, along with one count of fraud and related activity in connection with computers.
Whoever was attacking the Alaskan state systems wasn’t alone in 2018; that year infosec firm Recorded Future linked an aggressive burst of port-scanning to China’s Tsinghua University, known for its computer science research.
Meanwhile, in 2019, a ransomware attack that appeared to come from the DoppelPaymer ransomware gang caused headaches for the remote Arctic province of Nunavut.
While Canada doesn’t feature too highly in lists of cyber attack targets, the country commands significant cybersecurity expertise. It is home to Citizen Lab, the noted human rights-oriented cybersecurity research org (based out of the University of Toronto), and its law enforcement bodies have also taken part in multinational policing operations, including the Emotet botnet C2 takedown in January 2021.