Sign Up For Card Player's Newsletter And Free Bi-Monthly Online Magazine

MGM Resorts Continues To Deal With Ransomware Attack Fallout

Caesars Entertainment Reportedly Paid $30 Million To Avoid Similar Problems

Print-icon
 

MGM Resorts reported some progress over the weekend, but challenges remain after more than a week of system shutdowns following a ransomware attack. A hacking group called “Scattered Spider” has claimed responsibility for the cybersecurity breach, reportedly with the initial hope of rigging some of the company’s gaming operations across more than a dozen casinos nationwide.

“In a trick reminiscent of a heist movie, the hackers who allegedly breached the security at MGM’s casinos this month originally planned to manipulate the software running the slot machines, and ‘recruit mules to gamble and milk the machines,’” Financial Times reports. “Thwarted in that plan, the group fell back on a decade-old formula that has reaped billions of dollars for ransomware operators — they siphoned off the company’s data, encrypted some of it, and are now demanding cryptocurrency to release it.”

Working To Get Back Online

As of Monday, MGM had made some progress in efforts to return to normal. The company’s website was back online and guests could at least book rooms and shows through the use of third-party websites.

Reservations for MGM property restaurants, bars, nightlife, and spas were also available once again online. Guests could also finally use their credit cards.

However, some operations had yet to return. Company email accounts remained down and player loyalty card options also weren’t operational. Some slot machines are now available, although reports from some casinos said many were still down and require a hand payout from an attendant.

“Probably took an hour until we cashed out and it was just tedious, having to wait an hour for just a simple cash out,” Oklahoma’s Marcos Moreno told KSNV after playing some slots at an MGM property in Las Vegas.

The poker rooms at each casino remain open and for the most part have been unaffected, aside from a few reports of players having limited access to working ATMs.

Gaining Access

Scattered Spider specializes in social engineering hacking by impersonating people or organizations to gain access to systems, usually through a convincing phone call rather than solely using online means.

“In this case, it appears that the hackers found an employee’s information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials to access and infect the systems,” Vox reports. “A subsequent Bloomberg report, citing an executive at cybersecurity company Okta, blamed a successful social engineering attack on the help desk as well. MGM is a client of Okta’s and the company has been assisting MGM in the wake of the attack.”

Caesars Entertainment apparently experienced a similar attack and made note of that in an SEC filing last week. The hack allowed attackers to copy the company’s customer loyalty program to gain access to driver’s license and social security numbers.

Caesars has offered customers identity theft protection and credit monitoring access as a result. The Wall Street Journal reported that the company paid a $30 million ransom to regain access from the attackers.

MGM Resorts reportedly did not pay the ransom, and experts estimate that the attack could cost the company more than $8 million per day in lost revenue.

*Photo credits: MGM Resorts International and Caesars Entertainment