FBI Warns of New Ransomware Group “Scattered Spider”

The FBI is warning organizations about the ransomware group “Scattered Spider,” which over the past year has breached dozens of American firms and stolen their sensitive data for extortion.

This alert follows a report by Reuters stating that the bureau had struggled to stop the hacker group, which is known to use fake profiles and impersonation to trick a victim organization’s help desk into giving it access.

The cybergang has reportedly joined forces with the ALPHV/BlackCat ransomware group to carry out the attacks on casino companies MGM Resorts International and Caesars Entertainment. The group also infiltrated telecom companies, healthcare groups, and many other organizations.

The statement was issued jointly with CISA and provides a look into how these hackers operate. It states: “Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs.”

According to Cybernews, one of the more common phishing techniques used by Scattered Spider is posing as IT or help desk staff in a phone call or text message, then tricking a company employee into handing over their username and password, which the attackers use to gain access to the network.

Moreover, even after gaining access to an organization’s systems, the cybergang continues to go through the organization’s internal communication channels for any emails or conversations that might indicate the breach has been discovered.

The agencies further claim that the criminals frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses.

The FBI and CISA urged critical infrastructure organizations to implement recommended security measures and told victim organizations to share any information they had about the hacks.

They concluded by stating they do not encourage paying ransom, as payment does not guarantee victim files will be recovered, adding that ransom payments may embolden the hackers into going after more targets.