Dec 23, 2024

MGM Continues Navigating Cyber Attack After Caesars Entertainment Pays Ransom

by Nadia El-Yaouti | Sep 19, 2023
Golden lion statue in front of MGM Resorts on the Las Vegas Strip. Photo Source: Adobe Stock Image

Sin City is struggling to get back online after a string of cyber security attacks shut down major hotels last week.

Last Monday, global chain MGM Resorts International announced that it was dealing with a “cybersecurity issue” that was affecting some of its online operations. In response, the casino said that it would be shutting down some of its systems to “protect our systems and data.” The implications of moving into manual mode included hotel and digital room keys not working, shut down slot machines, and inoperable ATMs. A number of the websites for properties across the globe also went offline for a period of time.

Visitors were left standing in long lines and unable to operate slot machines or enjoy casino offerings. Those who were able to play some games had to have Casino attendants manually withdraw Casino winnings. Workers also shifted to manual mode as they physically took down information for visitors checking in and checking out of the casino.

According to reporting from Vox, the group Scattered Spider is believed to be responsible for the attack against MGM. This group specializes in social engineering attacks, a method in which hackers prey on the vulnerabilities of individuals rather than systems to gain access to a network. The group is believed to be composed of older teens and young adults based throughout the U.S. and the U.K.

It's believed that an individual with the group was able to hack the MGM system through a phone call with a help desk worker at the casino chain. Vishing —or gaining sensitive Information from a target through a convincing phone call— was the method by which the hackers were able to get into MGM’s digital operations. The group allegedly impersonated an MGM employee after finding their information on LinkedIn and obtained credentials into the system after speaking with MGM’s IT help desk.

According to the Financial Times, an individual with Scattered Spider is demanding a crypto payment in order to release MGM's stolen encrypted data. MGM shared that at this point, they have not engaged with the hackers about paying the ransom.

Reports indicate that MGM Resorts could be losing anywhere from $4.2 million to $8.4 in daily revenue and an estimated $1 million in cash flow for every day that they are under attack.

Following reports of MGM's attack, rival casino and restaurant chain Caesars Entertainment shared that it was also the victim of a ransomware attack days before MGM was attacked.

Caesars Entertainment Quarterly had sensitive data encrypted by hackers demanding a 30 million ransom. Caesars Entertainment eventually paid the ransom, but negotiated it down to $15 million.

The Securities and Exchange Commission requires that victims of a cyber attack must file a Form 8-K and report the attack within four days of the “material” event. Despite confirming the attack on September 7th, Caesars Entertainment did not file form 8-K until a week after. In its filing, Caesars Entertainment explained that an “outsourced IT support vendor” conducted a social engineering attack that resulted in the loss of sensitive data about members affiliated with its customer loyalty program.

Though the MGM Cyber attack followed a similar M.O. as the attack on Caesars Entertainment hotels and casinos, Scattered Spider alleges that it was not behind the Caesars attack.

While there is no federal law that prohibits an individual from paying a ransom, especially in the case of a cyber-attack, targets like MGM or Caesars Palace that pay out on a ransom could be subjected to legal action from victims whose data was stolen.

However, federal cybersecurity laws do have guidelines on how to prevent and respond to a ransomware attack. Alerting the proper authorities and securing networks are the first steps in adhering to federal law.

The FBI is currently investigating the attack against MGM Resorts, and the casino maintains that it will “continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” adding, “We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."

Share This Article

If you found this article insightful, consider sharing it with your network.

Nadia El-Yaouti
Nadia El-Yaouti
Nadia El-Yaouti is a postgraduate from James Madison University, where she studied English and Education. Residing in Central Virginia with her husband and two young daughters, she balances her workaholic tendencies with a passion for travel, exploring the world with her family.

Related Articles

Exterior view of the Los Angeles Superior Court, Stanley Mosk Courthouse.
Los Angeles Superior Court Hit by Ransomware Attack

According to an official press release from the Court Technology Services (CTS) Division, the Superior Court of Los Angeles County experienced a ransomware attack on Friday, July 19, 2024, which disrupted its internal systems. The attack was identified in the early hours of Friday morning, prompting the Court to disable... Read More »

Cars lined up at a gas station with people refueling after the Colonial Pipeline cyberattack, indicating fuel shortages.
Colonial Pipeline Latest Victim of Stepped-up Ransomware Attacks

Colonial Pipeline, which operates the United States’ largest fuel pipeline was shut down for days due to a cyberattack committed by a Russian hacker gang known as DarkSide. There have been gasoline shortages and spikes in the price of gas. The company released a statement on its website: "Colonial Pipeline... Read More »