An alleged member of Scattered Spider, the prolific hacking crew behind some of the biggest corporate breaches of the past few years, has been extradited from Finland to face U.S. charges over an $8 million cryptocurrency ransom demand.
Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in Chicago federal court on Tuesday on conspiracy, cyber intrusion, and fraud charges, according to a statement by the Justice Department. Finnish police arrested him in April on an Interpol Red Notice, and he was extradited last week and ordered held pending trial.
The complaint centers on a May 2025 breach of an unnamed luxury jewelry retailer. According to the indictment, Stokes and alleged accomplices talked their way past the company's IT help desk to reset employee 2FA credentials, then stole data and demanded about $8 million in crypto. Security staff evicted them and never paid, though the retailer still lost at least $2 million to disruption and cleanup.
A widening dragnet
Scattered Spider, also known as Octo Tempest, UNC3944, and 0ktapus, is a loose collective of hackers that prosecutors say has carried out more than 100 intrusions and collected over $100 million in ransoms. Its hallmark is social engineering rather than malware: members phone help desks, pose as staff, then extort crypto to unlock or suppress stolen data. The tactics powered 2023's attacks on MGM Resorts and Caesars Entertainment, the latter of which paid a roughly $15 million ransom.
Stokes joins a lengthening list of members in U.S. courts. Alleged ringleader Tyler Buchanan, a 24-year-old Scot, pleaded guilty in April to a phishing spree that stole at least $8 million in crypto, and Florida's Noah Urban was sentenced to 10 years after reporting tied him to breaches including crypto exchange Crypto.com. The DOJ charged five alleged members in a separate 2024 crypto-phishing case.
Crypto ransoms around the world
The jeweler's refusal to pay mirrors a broader shift in responses to crypto ransom demands. Ransomware crews extorted about $850 million in crypto in 2025, flat from a year earlier, even as victim postings on leak sites jumped 44%, according to TRM Labs. While the threat landscape has expanded due to lower barriers to entry for criminals, TRM Labs reported that total ransomware-linked volume fell to roughly $1.3 billion from $1.9 billion in 2024, as victims "increasingly refusing to pay their attackers."
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。