A Canadian involved in numerous ransomware and other types of cyberattacks against businesses, government entities, and individuals in Canada was sentenced last week to two years in prison.
The man, Matthew Philbert, 33, of Ottawa, Ontario, was arrested by the Ontario Provincial Police in November 2021, following a 23-month investigation, being charged with fraud, computer intrusions, and intent to perform computer intrusions.
In December 2021, the US Department of Justice also announced charges against Philbert. According to the indictment (PDF), his actions could have impacted “the medical examination, diagnosis, treatment and care of one or more individuals”.
Named by the Canadian authorities the “most prolific cybercriminal” identified in the country, Philbert admitted in court in October 2023 to launching cyberattacks targeting over 1,000 entities, including a municipality, police departments, and a school.
His modus operandi involved phishing emails carrying malicious attachments designed to drop malware that would provide Philbert with full control over the victims’ machines.
The investigators discovered that he received payments in Bitcoin as a result of at least four ransomware attacks.
Philbert is estimated to have caused losses of just over $49,000. Most of his victims, however, did not lose money.
Law enforcement’s investigation into Philbert’s cybercriminal activities also revealed that he provided access to stolen credentials to third parties.