British police have arrested a 19-year-old man linked to the Scattered Spider hacker group, which is accused of extorting more than $115 million from more than 100 organizations; authorities also seized related digital assets.
The arrests revealed the group was responsible for about 120 cyberattacks, with profits used to buy game gift cards and order food. Court documents said many victims paid ransoms, while law enforcement seized tens of millions of dollars in digital assets.
- 19-year-old arrested in connection with Scattered Spider, a group suspected of extorting more than $115 million.
- Documents show about 120 attacks; some victims paid ~$89.5 million in ransom.
- Methods include SIM hijacking and social engineering; authorities confiscated about $36 million in digital assets.
Summary of the incident
British police have arrested a 19-year-old suspect linked to the Scattered Spider group, accused of participating in dozens of cyber attacks and extortion campaigns.
Investigations revealed that the suspect was exposed when he used the ransom money to buy game gift cards and order food, helping investigators trace the transactions and server wallets involved.
Ransom and property seizure scale
According to court documents and investigative reports, the group is accused of extorting a total of more than $115 million, with five companies paying about $89.5 million in ransom.
Enforcement said it seized about $36 million worth of digital assets from server wallets linked to the suspects, helping to mitigate some of the financial damage to victims.
How Scattered Spider Works
The group uses SIM hijacking and social engineering to infiltrate systems, then deploys ransomware and demands ransom from organizations and individuals.
This tactic takes advantage of security process vulnerabilities like two-factor authentication via phone number; when an attacker controls the phone number, they can bypass many protections.
Impact and recommendations
The incident highlights the risks to organizations that have not strengthened access controls and recovery processes; organizations that are attacked can suffer financial loss and operational disruption.
Recommendations include implementing strong SMS-independent authentication, reviewing access permissions, encrypting backup data, and having an incident response plan to reduce the risk of extortion.
When was the Scattered Spider arrest?
The 19-year-old suspect was recently arrested following a recent investigation; the specific timing in the original report is not reproduced here.
How much is the confiscation and ransom?
The document states that the group is accused of extorting more than $115 million; about $89.5 million was recorded from five companies that paid ransom; about $36 million in digital assets were seized.
How does the group work?
Scattered Spider is believed to use SIM hijacking and social engineering to access systems, then deploy ransomware and demand ransoms from target organizations.
What should businesses do to prevent this?
Implementing non-SMS multi-factor authentication, access control, encrypted backups, and developing an incident response plan are essential measures.
