[TheRecord] Canadian police arrest Ottawa resident for ransomware attacks

Canadian police have detained an Ottawa resident for his alleged role in orchestrating ransomware attacks against private companies and government agencies in Canada and the US since 2018.

Matthew Philbert, 31, of Ottawa, was detained last week, on November 30, as part of Operation CODA. He was formally charged today in both Canada and the US.

According to a press conference today, Philbert is believed to have worked with an international cybercrime group to infect organizations with malware via phishing emails.

The malware allowed Philbert and his co-conspirators to access the infected systems and deploy ransomware.

While officials didn’t share any of the victims’ names, the US Department of Justice did mention that one of Philbert’s victims was “a computer belonging to the State of Alaska in April 2018,” which coincides with a highly publicized ransomware attack that hit the Alaska court system at the same time and crippled its operations for weeks.

The Ontario Provincial Police, which led the Canadian investigation, said it learned of the suspect after being contacted by the FBI’s Anchorage bureau in January 2020, which strongly suggests that Philbert might have been involved in the aforementioned attack.

“Today’s unsealed indictment is a great example of the importance of international partnerships to combat the evolving and growing threat of cybercrimes,” said Bryan Wilson, Acting US Attorney for the District of Alaska, in a DOJ press release.

“Cybercriminals are a dangerous threat and together with our law enforcement partners, we will use all our available resources to bring cybercriminals who target Alaskans to justice, wherever they are.”

The post Canadian police arrest Ottawa resident for ransomware attacks appeared first on The Record by Recorded Future.
