Canadian police arrest Ottawa resident for ransomware attacks

Canadian police have detained an Ottawa resident for his alleged role in orchestrating ransomware attacks against private companies and government agencies in Canada and the US since 2018.

Matthew Philbert, 31, of Ottawa, was detained last week, on November 30, as part of Operation CODA. He was formally charged today in both Canada and the US.

According to a press conference today, Philbert is believed to have worked with an international cybercrime group to infect organizations with malware via phishing emails.

The malware allowed Philbert and his co-conspirators to access the infected systems and deploy ransomware.

The Ontario Provincial Police, which led the Canadian investigation, said it learned of the suspect after being contacted by the FBI's Anchorage bureau in January 2020.

According to a copy of the US indictment, Philbert was linked to an attack on unnamed Alaska-based healthcare entity on April 28, 2018.

"Today's unsealed indictment is a great example of the importance of international partnerships to combat the evolving and growing threat of cybercrimes," said Bryan Wilson, Acting US Attorney for the District of Alaska, in a DOJ press release.

"Cybercriminals are a dangerous threat and together with our law enforcement partners, we will use all our available resources to bring cybercriminals who target Alaskans to justice, wherever they are."

Article updated with information from the official indictment, released after this article's publication.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

No previous article
No new articles