UK police arrest teen in connection with MGM Resorts hack
The unnamed teenager is believed to be part of the Scattered Spider gang, responsible for more than 100 attacks


In a joint operation with the FBI, West Midlands Police have made an arrest in connection with the ransomware attack on MGM Resorts in Las Vegas last summer.
The force has pulled in an unnamed Walsall seventeen-year-old boy on suspicion of blackmail and breaches of the Computer Misuse Act, and has seized several digital devices for forensic examination. The teenager has been released on bail.
The arrest is part of a global investigation into a large-scale cyber hacking community known as Scattered Spider, Octo Tempest, 0ktapus or UNC3944, which is believed to have been responsible for a number of attacks.
"This arrest has been made following a complex investigation which stretches overseas to America. We have been working closely with the National Crime Agency and FBI," said detective inspector Hinesh Mehta, cyber crime unit manager at the Regional Organised Crime Unit for the West Midlands.
"These cyber groups have targeted well-known organizations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money."
Last summer, Scattered Spider hit MGM Resorts with a ransomware attack that left guests locked out of rooms, resorts only able to accept cash payments, and slot machines inoperable. The company refused to pay a ransom, and had its systems up and running again within days.
"We're proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others," the casino company said in a statement.
"By voluntarily shutting down our systems, refusing to pay a ransom, and working with law enforcement on their investigation and response, the message to criminals was clear: it's not worth it."
Scattered Spider attacks
Following the MGM Resorts attack, the FBI and CISA called for more victims to come forward and share details such as ransom notes, any communications they may have had with the group, their Bitcoin wallet information, and decryptor files.
However, Scattered Spider didn't stop at MGM Resorts, and has been active since, in particular attacking banks and insurance firms. Its targets have included Visa, PNC, Transamerica, New York Life Insurance Co, and Synchrony Financial, according to Bloomberg.
The group has been running domains that closely resemble those of their targets and hosting fake log-in pages to harvest employees' credentials. It is believed to have hit more than 100 organizations since 2022.
This latest move follows the arrest in June of a 22-year-old Spanish hacker, and of a Florida man back in January, both of whom are also believed to have been part of the group.
"Today's arrest is a testimony to the strength of the FBI's domestic, international, and private sector partnerships," says Bryan Vorndran, assistant director of the FBI's Cyber Division.
"The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.