Court documents filed in the District of New Jersey suggest that victims of the hacking group Scattered Spider paid at least $115 million in ransom payments.
According to the complaint, 19-year-old Thalha Jubair, a prominent member of Scattered Spider, conspired with others to gain unauthorized access to computer networks in the US.
They stole and encrypted corporate information and demanded ransom payments from victims. If the victims didn’t comply, Jubair and his accomplices threatened to publish the exfiltrated data.
In October 2024 and January 2025, Jubair participated in a scheme to gain unauthorized access to the networks of a US-based critical infrastructure company and the US Courts.
Between May 2022 and September 2025, he and his associates were involved in 120 network intrusions, extorting 47 companies and organizations located in the United States. Collectively, the victims paid well over $115 million in damages to recover their stolen data and prevent disclosure.
Portions of the illicit gains from at least five victims were sent to wallets on a server controlled by Jubair. In July 2024, when law enforcement authorities seized this server, Jubair transferred $8.4 million to another wallet.
Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy.
If found guilty, he faces a maximum penalty of 95 years in prison.
“These malicious attacks caused widespread disruption to US businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals.
“The charges underscore the Department’s unwavering commitment to keeping pace with technologically savvy bad actors and holding accountable those who seek to profit from ransomware,” Acting Assistant Attorney General Matthew Galeotti of the Justice Department’s Criminal Division said in a statement.
Jubair was arrested last week by the National Crime Agency (NCA) and City of London police. British authorities accuse him of being one of the attackers responsible for the cyberattack on Transport for London (TfL), which took place in September 2024.
In addition to gaining unauthorized access to secured computers and committing computer fraud, wire fraud, and money laundering, Jubair has been charged with failing to disclose the passwords of the devices that were seized from him by law enforcement officers under the RIPA Act. This is a law from the United Kingdom that regulates how public bodies conduct surveillance and access communication.
Your email address will not be published. Required fields are markedmarked