In a significant development in the global fight against cybercrime, an alleged member of the notorious Scattered Spider hacking group has been extradited to the United States after being arrested in Finland. The US Department of Justice said Peter Stokes, 19, a dual US-Estonian citizen, has been charged with conspiracy, unauthorized computer intrusion, and fraud. He was arrested in Finland in April and has since appeared before a federal court in Chicago, which ordered him to remain in custody pending further proceedings.
According to the criminal complaint, Stokes and his alleged accomplices targeted the computer network of a luxury jewellery retailer in May 2025. Prosecutors allege that after stealing sensitive company data, the attackers demanded nearly ₹69 crore worth of cryptocurrency as ransom.
Although the company’s cybersecurity team successfully removed the attackers from its network before any ransom was paid, the incident still caused losses of at least ₹17 crore due to business disruption, digital forensic investigations, system restoration, and other mitigation measures.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Scattered Spider, also known as Octo Tempest, UNC3944, and 0ktapus, is regarded as one of the world’s most active cybercriminal groups. The gang is known for using social engineering techniques, identity theft, unauthorized network access, and data theft to extort large ransom payments from corporate victims.
According to the FBI, the group has been linked to more than 100 network intrusions, resulting in over ₹860 crore in ransom payments by victims, in addition to millions of rupees in losses related to incident response, business interruption, and system recovery.
The group has also been associated with several high-profile cyberattacks in the United States, the United Kingdom, and other countries. In June 2026, two men in the UK pleaded guilty to carrying out a cyberattack on Transport for London (TfL). Investigators said the attack, which took place between August and September 2024, forced all 28,000 TfL employees to attend offices for mandatory password resets, resulting in estimated recovery costs of around ₹340 crore.
The UK’s National Crime Agency (NCA) said such incidents demonstrate the growing threat posed by young cybercriminals operating from English-speaking countries and highlighted Scattered Spider as one of the most significant organised cybercrime networks currently active.
A researcher at Algoritha Security said groups such as Scattered Spider rely heavily on social engineering in addition to exploiting technical vulnerabilities. The researcher noted that strong cybersecurity requires more than technical controls alone, recommending multi-factor authentication (MFA), regular security audits, employee cybersecurity awareness training, continuous monitoring of privileged accounts, and rapid incident response capabilities to defend against sophisticated cyberattacks.
