More

    Scattered Spider Suspect Handed to US Over Crypto Ransom


    A teenager suspected of involvement with the “Scattered Spider” hacking group has been extradited to the US over his alleged role in an $8 million crypto ransom.

    The US Justice Department said on Wednesday that Peter Stokes, a 19-year-old dual US-Estonian national, was arrested in Finland in April on an Interpol Red Notice and extradited to the US last week to appear in a Chicago federal court on Tuesday.

    A criminal complaint unsealed in court accused Stokes and others of breaching a luxury jewelry retailer’s computer system in May 2025 to steal data and demand a ransom payment of $8 million in crypto. The retailer managed to evict them from the network and did not pay the ransom, but suffered $2 million in disruption damages, according to the complaint.

    Stokes is one of the few arrests that authorities have tied to Scattered Spider, which often uses crypto ransoms. Ransomware actors received more than $820 million in payments last year, an 8% decline from 2024, even as attacks rose by 50%.

    An image the FBI took from Stokes’ Snapchat account shows him wearing a necklace that says “Hack the Planet,” a quote from the 1995 cult film “Hackers.” Source: US Department of Justice

    Alleged hack started with phishing call

    According to the complaint, the hack against the jewelry retailer started with several phishing calls to the company’s technology help desk, with Stokes and others allegedly pretending to be employees requesting a reset of login credentials.

    Authorities alleged the hackers managed to compromise three employee accounts in as little as two hours, two of which belonged to company IT administrators, who had access to higher-privilege accounts that were also breached and used to access the company’s systems, 

    After a few days, Stokes and others allegedly sent a ransom note from a compromised company email account to demand funds or they would publish credit card and payment information.

    However, the complaint said the company repelled the intrusion and that the intruders later contacted the company separately to demand $8 million, which the company did not pay.

    Stokes allegedly involved in “numerous intrusions”

    The complaint accused Stokes, who uses the online nicknames “Bouquet” and “Jordan,” of being a “Scattered Spider member who has engaged in numerous intrusions, or assisted in them” on multiple unnamed companies.

    Authorities claimed that a search of a storage device allegedly linked to Stokes showed it contained downloads from a virtual private server that Microsoft had identified as being used to carry out intrusions on companies.

    The complaint alleged that it also “contained exfiltrated records from multiple victim-companies.”

    Related: Taiko reopens bridge after $1.7M exploit, says users made whole

    The complaint claimed that Stokes’ Snapchat account shows “substantial wealth for a person his age” and alleged that he used the account to boast “about his international travel and wealth, and sent media regarding apprehended Scattered Spider members.”

    The Justice Department said that Scattered Spider, also known as “Octo Tempest,” “UNC3944,” and “0ktapus,” has been involved in over 100 network intrusions, resulting in more than $100 million in ransom payments and millions of dollars in damages.

    Stokes was charged with six counts related to hacking, cyber extortion, fraud and conspiracy.

    Magazine: Crypto scammers face death, Aussie CGT makes Asian hubs attractive: Asia Express



    Source link

    Latest stories

    You might also like...