- Peter Stokes, a 19‑year‑old dual US‑Estonian citizen, has been extradited from Finland.
- Stokes was arrested in April 2026 on an INTERPOL Red Notice and is awaiting trial.
- He allegedly stole business data and demanded $8M in crypto to restore system access.
According to the US Department of Justice, Peter Stokes, a 19‑year‑old with dual US‑Estonian citizenship, has been extradited from Finland to the US to face charges for his alleged role in the infamous Scattered Spider hacking group. He now faces federal charges in Illinois, including conspiracy, computer fraud, cyber intrusion, and wire fraud.
Stokes was arrested in Finland in April 2026 on an INTERPOL Red Notice, then extradited to the US in the last week of June. He appeared in federal court in Chicago and is being held until his trial.
The prosecutors say Stokes, who went by “Bouquet,” was part of several attacks on US companies, including a luxury jewelry retailer. The biggest charge is that he allegedly stole confidential business data, locked up their systems with ransomware, and demanded around $8 million in crypto to unlock everything and keep the data private.
The indictment also charges him with credential theft and extortion, both of which are consistent with Scattered Spider tactics. Unlike a lot of ransomware groups that work out of sanctioned countries, Scattered Spider usually relies on social engineering to get access, as opposed to advanced malware.
Who is Scattered Spider?
Scattered Spider, also known to different security firms as UNC3944, Octo Tempest, or 0ktapus, has become one of the most threatening cybercriminal groups over the last few years. The group is thought to be made up mostly of young, English‑speaking hackers from the US, UK, Canada, and Europe.
Rather than exploiting software vulnerabilities first, they’re experts at tricking people. The group’s playbook includes calling IT help desks to reset passwords, posing as employees, SIM swaps, phishing, overwhelming people with MFA alerts, and stealing login info.
Once inside a network, they often team up with ransomware crews to lock up systems and demand a payout. The FBI, Microsoft, Google Cloud, and others have all called Scattered Spider one of the top cybercrime threats.
The US Department of Justice states that the group has pulled off over 100 network breaches, costing victims more than $100 million in ransoms and millions more in other damages.
Related: INTERPOL Warns About AI Scams and Ransomware Surge in Asia-Pacific
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.