
A 31-year-old Ottawa man has been charged with fraud and computer crimes in connection with ransomware attacks that were allegedly used to siphon off money from hundreds of people and organizations.

The case against Matthew Philbert, who was charged in the nation’s capital, is a relatively rare one for the country and could set criminal-law precedents if proven in court, police say.

Mr. Philbert is also being prosecuted in a parallel case announced by U.S. officials, who described him in newly unsealed court documents as “a well-known, if mid-level, cybercriminal residing in Canada.”

Ransomware is an increasingly common and profitable form of computer crime where hackers send e-mails to victims with embedded attachments. When someone clicks on the attachment, it deploys malicious software – or “malware” – that can be used to scramble the data on a computer or computer network. The hackers promise to decrypt the data, but only if their victim pays a ransom.

Surveys have shown that most affected Canadian businesses will pay to restore their data. The Communications Security Establishment, a federal government intelligence agency in Canada, reported this week that corporate victims of ransomware attacks are now paying an average of $200,000 to resolve the problems.

Mr. Philbert was arrested by the Ontario Provincial Police after an investigation that lasted nearly two years. In January, 2020, the U.S. Federal Bureau of Investigation relayed tips to Canada that resulted in the charges now being pursued in Ontario.

He was charged with fraud, unauthorized use of a computer and possession of a device to obtain unauthorized use of a computer.

Police allege Mr. Philbert was “a prolific offender with victims all over Canada and the United States – well in excess of 1,000,” said OPP Detective Inspector Matt Watson.

He would not reveal specifics but said the investigation is continuing, with OPP detectives still trying to identify victims and potential accomplices.

Authorities are unfurling complex trails of Internet exchanges, bank transactions and Bitcoin cryptocurrency, he said. “This is the most prolific one I’ve seen up till now,” said Det. Watson about the case.

He said the investigation has so far revealed several skilled hacking techniques deployed to draw money from victims – not just ransomware, but also bank transactions done with information stolen from inside infiltrated computers.

“The unauthorized access provided the suspects with the ability to monitor their computer, view their web camera, collect user names, passwords and log-in credentials,” Det. Watson said. A hacker or hackers “would then gain access to the victim’s online banking – and the unauthorized transactions would occur without the victim’s knowledge or consent.”

Det. Watson said police believe Mr. Philbert is targeting private citizens and “a lot of small businesses – businesses that were already suffering because of COVID.”

The detective added that the Canadian criminal justice system does not have ransomware convictions on the books. “It’s not like we’ve got some case law to look at,” Det. Watson said. “We’re making that case law right now.”

Mr. Philbert is in custody in Canada. A spokeswoman for the U.S. Department of Justice would not say whether the United States will launch an extradition bid.

“As a matter of policy, the U.S. Department of Justice generally does not comment on extradition-related matters until a defendant is in the United States,” said spokeswoman Nicole Navas Oxman.

The U.S. criminal complaint is more narrowly scoped than the Canadian case. It alleges that Mr. Philbert hacked into a computer system in Alaska. Documents filed in that state say that U.S. prosecutors will eventually be looking to seize the suspect’s assets.
