In a rare turn of events, a prolific hacker in Canada who has caused financial ruin with ransomware attacks will be paying full restitution to his victims. Matthew Philbert, a 33-year-old from Ottawa, recently pleaded guilty to years of cyber attacks and was sentenced to two years in jail. Despite this setback, it has been revealed that he will be making full restitution to the tune of approximately $49,200.
Philbert’s hacking exploits involved targeting the computers of over 1,000 individuals, businesses, and organizations, including three police departments. By using a remote-access malware program, he gained full control over his target computers and used anonymous email addresses and remote servers to mask his identity. Philbert’s modus operandi involved sending emails under the guise of securing employment, including a fake resume that contained malware. Once the recipients opened the attachment, Philbert would gain access to their computers, collect banking logins, and execute unauthorized email transfers from the victim’s accounts.
His bitcoin wallet was found to have received payment for four ransomware attacks, each rendering the target computer unusable until a ransom in cryptocurrency was paid. After Philbert’s arrest, the police seized his cryptocurrency, amounting to approximately $46,000 at the time. They also uncovered evidence that he had given virtual access to stolen login credentials and passwords to unidentified third parties, creating the potential for further dissemination of sensitive information.
A total of 1,113 victims were identified in the Ontario Provincial Police (OPP) investigation, with Philbert demonstrating audacity by targeting even police departments and a nonprofit organization such as Ronald McDonald House. However, it is worth noting that most victims whose computers were compromised did not lose money. The OPP case was initiated in January 2020 after the FBI shared its findings on Philbert’s cyber attack on a computer server owned by the State of Alaska. This led to the culmination of the case, wherein Philbert pleaded guilty to fraud, unauthorized use of a computer, possession/trafficking in computer password, and mischief to computer data.
Despite the havoc caused by Philbert’s cyber attacks, the news of him being required to pay full restitution brings a glimmer of hope to the victims. As they recover from the impact, this development serves as a rare instance where those affected by fraud may see justice served. It also sends a message to other cybercriminals that their actions will not go unpunished. The victims can now anticipate the details of the restitution to be finalized in court, giving them some measure of closure and reparation for the damage caused by Philbert’s crimes.