The United Kingdom police have nabbed two teens associated with the Bitcoin extortion group Scattered Spider

The United Kingdom authorities have nabbed one of the two teens associated with the Bitcoin extortion gang Scattered Spider cybercrime gang. According to the authorities, the group has been accused of extorting more than $115 million in ransom payments from more than 100 organizations.

According to reports, the United Kingdom police arrested the criminal after trailing a number of clues, including payments for gift cards from a wallet on the same server that held wallets that received some of the extortion payments. Scattered Spider operated SIM-swapping turned social engineering attacks before moving to ransomware.

United Kingdom authorities claimed they have been around since at least 2022, and seven of its members were nabbed last year after several digital heists at the high-profile Las Vegas casino.

United Kingdom authorities arrest teen linked with ransomware group

The group has been blamed for several high-profile cases across the United Kingdom in April, although two of its members, 19-year-old Thalha Jubair and 18-year-old Owen Flowers, were arraigned in court last Thursday for their roles in a cyberattack that occurred in London last year.

Meanwhile, in the United States, Jubair is also facing criminal charges, with US Attorney Alina Habba noting that he “went to great and sophisticated lengths to keep himself anonymous,” while partaking in about 120 network intrusions.

According to authorities, Jubair allegedly made some mistakes that led authorities to his alleged ransomware criminal activities. The most incriminating was when someone took digital assets on a server that held ransomware funds to buy gaming gift cards for an account tied to Jubair. In addition, someone also purchased food-delivery gift cards, using them to order takeout to an apartment complex where he lived.

According to court documents, which have remained unsealed, the Justice Department charged Jubair with conspiracies to commit computer fraud, wire fraud, and money laundering related to at least 120 intrusions carried out by the Scattered Spider gang, with extortion attacks adjudged to have happened between May 2022 and this month. The criminal complaint only named one of the victims of Jubair, which was, coincidentally, the United States federal court system.

Court documents reveal the extent of crimes

According to the document, the digital intrusion occurred in January and was operated in the typical modus operandi of the Scattered Spider group. “The Conspirators gained access by, among other things, contacting the helpdesk for the U.S. Courts network on or about January 8, 2025, among other dates, and causing an individual to reset a user’s password.

Once inside the network, the Conspirators: (a) took over two additional accounts; and (b) exfiltrated data from the network, including but not limited to the names, 15 usernames, roles, and mobile telephone numbers for United States Courts personnel,” the document read.

The document claimed that the digital thieves then used the stolen credentials to access accounts belonging to three users, one of whom was a federal magistrate judge, searching his inbox for terms including “subpoena,” the names of different charged cybercriminals, and “scattered spider.”

In addition, the United Kingdom ransomware group allegedly used one of the compromised accounts to send a message to financial services, requesting the emergency disclosure of customer account information.

The other seven US-based victims were not listed, but rather identified by numbers. They include a manufacturer, an entertainment firm, two retailers, two financial services companies, and a critical infrastructure firm. In five of the intrusions, the companies paid ransoms worth about $89.5 million at the time of payment.

Portions of ransom payments from at least five victims were traced to wallets on a server the FBI says Jubair controlled, with agents later seizing $36 million in digital assets from wallets on the server.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.