In a world where ransomware headlines dominate the news, it is refreshing to share progress: law enforcement is striking back. Authorities in the UK and the US have announced arrests tied to Scattered Spider, one of the most disruptive cybercriminal groups in recent years.
Two UK nationals, Thalha Jubair (19) and Owen Flowers (18), were arrested by the National Crime Agency (NCA) in coordinated raids with the London Police. Both are accused of hacking Transport for London in 2024, exposing commuter data and disrupting services. They are also charged with cyberattacks on US healthcare providers, including SSM Health and Sutter Health, as well as involvement in ransomware schemes that extorted over $115 million from at least 47 US victims.
Days later, a third suspect, a teenage male, surrendered himself to authorities in Las Vegas. He is now facing multiple charges, including extortion, unlawful computer activity, and identity theft, linked to the high-profile 2023 attacks on MGM Resorts and Caesars Entertainment casinos.
For UK businesses, these arrests are more than courtroom drama. They serve as proof that cybercriminals can be stopped and that collaboration among nations, regulators, and technology partners is yielding results.
At CyberOne, we see this as a strong reminder that persistence and partnership deliver results.
Why Scattered Spider Matters for UK Organisations
Also known as Octo Tempest, UNC3944, and 0ktapus, Scattered Spider has gained notoriety for high-impact attacks across industries. Their playbook includes:
- Social engineering – tricking employees into revealing credentials
- Network breaches – exploiting weak access controls
- Extortion – demanding millions for stolen data or locked systems
These tactics mirror the risks UK organisations face every day: credential theft, ransomware, and supply chain compromise.
The arrests prove that even sophisticated attackers can be traced and held accountable. International cooperation played a vital role, sending a clear message: no hacker is beyond reach.
Practical Actions for Business Leaders
The arrests highlight principles that directly apply to every UK organisation:
- Benchmark your resilience – Conduct a cyber maturity assessment (such as CyberOne’s AssureMAP) to understand strengths, weaknesses, and priorities.
- Test your response plan – Ensure incident response playbooks are up to date, with clear roles, well-defined escalation paths, and regular rehearsals in place.
- Reduce identity risks – Improve your Microsoft Secure Score, enforce multifactor authentication, and adopt Zero Trust controls to block common attack paths.
- Invest in continuous monitoring – Consider 24x7 Managed Detection and Response (MDR/XDR) to detect and contain threats quickly.
CyberOne’s Role in Collective Defence
At CyberOne, we help organisations anticipate threats, respond with confidence, and build resilience. Our approach is grounded in:
- Collective defence – Partnering with regulators, technology leaders like Microsoft, and industry peers to strengthen protection.
- Trusted expertise – CREST and NCSC accredited, with Microsoft Security certifications that prove our capability.
- Tailored solutions – From AssureMAP assessments to Assure365 managed services, we provide a clear pathway from risk to resilience.
- Proven results – Our clients across financial services, healthcare, manufacturing, retail, and business services trust us to safeguard sensitive data, ensure compliance, and stay ahead of attackers.
Looking Ahead with Optimism
Cybercrime will not disappear overnight, but progress is being made. Every arrest, every disrupted ransomware network, and every successful defence is a step toward a safer digital future.
The Scattered Spider arrests are more than a news headline. They are proof that cyber criminals will be held accountable and that resilience and collaboration can outpace even the most determined threats. CyberOne is proud to be part of this ongoing effort.
"These arrests show that even the most disruptive cybercriminals can be stopped. International cooperation is proving that no hacker is beyond reach. At CyberOne, we know resilience comes from partnership, and we remain committed to helping organisations stay ahead of evolving threats."
-Dominic List, CEO, CyberOne
Ready to Strengthen Your Defences?
CyberOne helps ambitious, growth-focused organisations build measurable cyber resilience through proactive detection, rapid response, continuous risk reduction, and compliance, empowering businesses to thrive in a world of constant change. Book a 1:1 consultation today and take the next step towards a safer future.