UK police arrest teen in connection with MGM Resorts hack
The unnamed teenager is believed to be part of the Scattered Spider gang, responsible for more than 100 attacks
In a joint operation with the FBI, West Midlands Police have made an arrest in connection with the ransomware attack on MGM Resorts in Las Vegas last summer.
The force has pulled in an unnamed Walsall seventeen-year-old boy on suspicion of blackmail and breaches of the Computer Misuse Act, and have seized several digital devices for forensic examination. The teenager has been released on bail.
The arrest is part of a global investigation into a large-scale cyber hacking community known as Scattered Spider, Octo Tempest, 0ktapus or UNC3944, which is believed to have been responsible for a number of attacks.
"This arrest has been made following a complex investigation which stretches overseas to America. We have been working closely with the National Crime Agency and FBI," said detective inspector Hinesh Mehta, cyber crime unit manager at the Regional Organised Crime Unit for the West Midlands.
"These cyber groups have targeted well-known organizations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money."
Last summer, Scattered Spider hit MGM Resorts with a ransomware attack that left guests locked out of rooms, resorts only able to accept cash payments, and slot machines inoperable. The company refused to pay a ransom, and had its systems up and running again within days.
"We're proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others," the casino company said in a statement.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"By voluntarily shutting down our systems, refusing to pay a ransom, and working with law enforcement on their investigation and response, the message to criminals was clear: it's not worth it."
Scattered Spider attacks
Following the MGM Resorts attack, the FBI and CISA called for more victims to come forward and share details such as ransom notes, any communications they may have had with the group, their Bitcoin wallet information, and decryptor files.
However, Scattered Spider didn't stop at MGM Resorts, and has been active since, in particular attacking banks and insurance firms. Its targets have included Visa, PNC, Transamerica, New York Life Insurance Co, and Synchrony Financial, according to Bloomberg.
The group has been running domains that closely resemble those of their targets and hosting fake log-in pages to harvest employees' credentials. It is believed to have hit more than 100 organizations since 2022.
This latest move follows the arrest in June of a 22-year-old Spanish hacker, and of a Florida man back in January who are both also believed to have been part of the group.
"Today's arrest is a testimony to the strength of the FBI's domestic, international, and private sector partnerships," says Bryan Vorndran, assistant director of FBI's Cyber Division.
"The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.