Peter Stokes extradited to US over $8M crypto ransom scheme tied to Scattered Spider

1 hour ago 25

Law enforcement caught up with Peter Stokes at Helsinki airport in April 2026. He was reportedly trying to board a flight to Japan. Instead, he ended up in Finnish custody, and on June 30, 2026, he appeared in a Chicago federal courtroom facing charges that read like a greatest-hits list of cybercrime: conspiracy to damage protected computers, cyber intrusion, and fraud.

Stokes is 19 years old. He holds dual US-Estonian citizenship. And according to federal prosecutors, he was a working member of Scattered Spider, one of the most prolific and disruptive hacking collectives active today.

The $8 million ask that went unanswered

The centerpiece of the charges against Stokes involves a May 2025 breach of a luxury jewelry retailer. The attackers demanded roughly $8 million in cryptocurrency as ransom. The company said no.

That refusal came at a cost. The retailer spent over $2 million recovering from the attack, restoring systems, and dealing with the fallout.

Two terabytes worth of data were seized from hard drives found on Stokes at the time of his arrest. Prosecutors have also connected him to at least four separate intrusions, allegedly beginning when he was just 16 years old.

Who is Scattered Spider, exactly

Scattered Spider, also tracked under the names Octo Tempest and UNC3944, is not a typical ransomware gang. The group is known for sophisticated social-engineering attacks, calling up help desks, impersonating employees, and talking their way into corporate accounts. Their targets have spanned retail, hospitality, financial services, and technology sectors.

By the time Stokes was arrested, the group had been linked to more than 100 unauthorized corporate intrusions. Ransom demands tied to those breaches exceeded $100 million in aggregate.

A pattern of arrests, not an isolated case

Stokes is not the first Scattered Spider-linked defendant to face justice, and likely will not be the last. Two other alleged members of the group recently pleaded guilty to related charges in the United Kingdom, part of what appears to be a coordinated, multi-jurisdictional push to dismantle the network.

The group skewed unusually young, with members allegedly recruited in their mid-teens through online gaming communities and cybercrime forums.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Read Entire Article