UK Court Sentences Two Hackers in $115M Crypto Ransom Case

Changelly
Bitbuy


The UK’s National Crime Agency (NCA) and the Metropolitan Police’s City of London Police have announced prison sentences for two men tied to the “Scattered Spider” cybercrime group. Both defendants entered guilty pleas at their first court appearance and were later sentenced at Woolwich Crown Court.

According to an NCA press release, the men pleaded guilty on June 22 and were sentenced on Thursday to a combined term of five years and six months in prison. Authorities said the case underscores how ransomware operators increasingly use cryptocurrency to monetize intrusions and extort victims.

Key takeaways

  • The NCA and City of London Police say two Scattered Spider affiliates received five years and six months for hacking-related offenses.
  • UK investigators linked the group to ransomware and cryptocurrency extortion activity affecting companies in both the UK and the US.
  • US prosecutors previously associated Scattered Spider with large-scale crypto ransom collection, including at least $115 million from US companies.
  • The group has also been tied to major incidents such as a public transport intrusion in London and separate claims involving Caesars Entertainment.

UK sentencing in the Scattered Spider case

The NCA said the two men were convicted in connection with cybercriminal activity associated with Scattered Spider, a group investigators have linked to ransomware and extortion schemes that use cryptocurrency payments.

In the court process described in the NCA update, both defendants pleaded guilty at their first appearance on June 22. The sentencing then took place on Thursday at Woolwich Crown Court, as reported in the NCA’s release.

okex

For crypto-focused observers, the significance is less about the jail terms alone and more about how law enforcement continues to connect real-world extortion campaigns to digital asset flows—an area where blockchain analytics and custody investigations often determine whether perpetrators can be financially disrupted.

London transport network intrusion and reported losses

British authorities said the Scattered Spider group was involved in the infiltration of London’s public transport network in September 2024. The incident was reported to have resulted in losses and recovery costs of about £29 million (roughly $38.9 million).

While the sentencing announcement is specific to the two defendants, the underlying allegations tie back to a broader campaign pattern: gaining access to high-value targets, disrupting operations, and demanding payments—often in cryptocurrency—under time-sensitive pressure.

Investors and builders watching these cases generally look for a clear signal on enforcement priorities: when high-profile systems are targeted, governments typically respond with both criminal prosecution and efforts to trace and seize assets connected to extortion.

US DOJ links: crypto extortion at large scale

In a separate Department of Justice statement from September, US prosecutors said Scattered Spider was tied to collecting $115 million in cryptocurrency ransom payments from at least 47 US companies. That same DOJ release also described broader disruptions attributed to the group, including attacks impacting critical infrastructure and the federal court system.

The scale described by the DOJ matters because it suggests Scattered Spider is not a one-off operation. Instead, prosecutors portrayed it as a campaign capable of repeatedly compromising organizations and converting the resulting leverage into crypto-linked revenue.

The DOJ statement also described a broader investigation into the group’s activities, including repeated network intrusions. In such cases, sentencing outcomes in one jurisdiction can be interpreted as pieces of a larger enforcement strategy, where cases in the UK and US collectively strengthen the evidentiary record around the same actors and methods.

FBI seizure and earlier crypto ransom allegations

According to the DOJ’s September release, the FBI seized approximately $36 million worth of cryptocurrency from wallets linked to Scattered Spider in July 2024. Prosecutors said investigators traced and seized digital assets allegedly controlled by members of the group as part of the wider case.

US prosecutors further said Scattered Spider was accused of breaching Caesars Entertainment and stealing a large customer database in September 2023. Prosecutors said Caesars ultimately paid a $15 million ransom in Bitcoin (BTC). That earlier allegation fits the same overall pattern of using crypto as the payments mechanism for extortion demands.

The combination of wallet-linked seizures and later courtroom sentences highlights the practical leverage of crypto intelligence for law enforcement: tracking transfers and correlating wallet activity with criminal conduct can support both asset recovery and prosecution.

In the DOJ’s account, investigators said the group was responsible for at least 120 computer network intrusions. The NCA sentencing announcement does not enumerate those numbers, but it aligns with the DOJ’s broader framing of an expanding threat. For victims and compliance teams, the message is consistent: crypto-enabled ransomware operations continue to attract coordinated international responses, even when the extortion attempts cross borders.

“These malicious attacks caused widespread disruption to US businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals,” said Matthew Galeotti, then acting assistant attorney general of the Justice Department’s Criminal Division.

What to watch next

With Scattered Spider affiliates now facing prison time in the UK and prosecutors having described large crypto-related seizures and ransom totals in the US, the next key question is whether additional defendants—along with more wallet-linked assets—will be identified and targeted across jurisdictions. For companies and crypto traders alike, continued enforcement can meaningfully shape how ransomware groups attempt to move funds and how quickly investigators can disrupt those flows.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure





Source link

fiverr

Be the first to comment

Leave a Reply

Your email address will not be published.


*