DOJ Indicts Two in Widespread Ransomware Campaign

The U.S. Department of Justice has unsealed an indictment charging two individuals as members of the prolific cybercrime group known as ‘Scattered Spider.’ Federal prosecutors have linked the pair to a sophisticated ransomware operation that extorted over $115 million from victim organizations. The charges represent a significant development in the federal investigation into the group, which is known for targeting large corporations.

The indictment details multiple felony counts, including conspiracy to commit wire fraud and conspiracy to commit computer fraud. According to court documents, the investigation was a multi-agency effort led by the Federal Bureau of Investigation (FBI). The charges outline a series of intrusions that leveraged advanced social engineering tactics to compromise corporate networks across the United States.

Tactics and High-Profile Victims

The federal indictment specifies that Scattered Spider’s methods included SIM swapping, voice phishing, and the impersonation of IT help desk personnel to steal employee credentials. Once initial access was secured, the actors allegedly deployed the ALPHV/Blackcat ransomware to encrypt critical data and disrupt business operations. The group would then demand substantial ransom payments to restore services and prevent the public release of exfiltrated corporate data.

The court filings connect the defendants’ activities to major security breaches at publicly traded casino and hospitality companies. These attacks resulted in significant operational shutdowns and financial losses for the victims. The sum of $115 million cited by federal authorities is based on ransom payments made by numerous compromised organizations to the cybercrime group.