Disruptions continue at hotels and casinos owned by MGM Resorts International, five days after the company was raided by hackers who demanded a ransom to restore access.
On Thursday evening, videos posted from MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed painfully long check-in lines and some slot machines remaining offline.
Operating slot machines are cash-only and set to hand pay, meaning winnings must be doled out by human staffers, and MGM has been handing out dining credits and free alcohol to appease irate guests.
Meanwhile, hackers who claimed responsibility for the breach said in a statement late Thursday that they retained access to “some of MGM’s infrastructure” and threatened “additional attacks” if their ransom demands were not met.
MGM’s continued woes come after rival gaming giant Caesars Entertainment confirmed last week that it had discovered a breach, but Caesars reportedly paid a ransom of around $15 million and avoided any customer disruption.
There were long check-in lines at the Bellagio (left) on Thursday, while ARIA still had some slot machines offline, while the rest were cash and hand only
The FBI told DailyMail.com that it is investigating the incidents at both Caesars and MGM, adding: “As this is an ongoing investigation, we cannot provide additional details.”
Neither Caesars nor MGM responded to multiple requests for comment from DailyMail.com throughout the week.
Both breaches appear to have been initiated by social engineering attacks, where the hackers tricked human targets into handing over credentials, for example by posing as real employees during phone calls to support lines.
The attribution for the attacks remained ambiguous. A group called Scattered Spider contacted journalists claiming responsibility for both breaches, while an affiliated gang known as ALPHV posted a lengthy statement contradicting these claims and saying they carried out the MGM attack.
It is possible that the two groups, known to have an affiliated relationship, both participated in the attacks, or are actually factions within the same loose hacker collective.
For MGM guests, the result of that company’s breach was a week of confusion and frustration.
“The MGM hack is causing chaos,” wrote user X Rachel Hooks from ARIA, sharing videos of long lines and slot machines on the fritz. ‘Ridiculous queues at check-in and casinos empty.’
At the Bellagio, @JacobLasVegasLife posted a video showing huge lines for hotel check-in.
MGM’s hotels have reportedly been forced to implement outdated measures at check-in counters, writing down guest information and credit card numbers by hand as system glitches continue.
X user @LasVegasLocally shared photos of $25 food and drink vouchers and wrote, “MGM Resorts employees have been given stacks of ‘guest recovery vouchers’ to hand to any hotel guest who complains about just about anything this weekend.”
Disruptions continue at hotels and casinos owned by MGM Resorts International, five days after the company was attacked by hackers demanding ransoms
User @LasVegasLocal shared photos of $25 food and beverage vouchers, writing, “MGM Resorts employees have been given stacks of ‘guest recovery vouchers’ to hand to any hotel guest who complains about just about anything this weekend.”
Other photos posted by @VitalVegas showed staff from MGM branches offering guests free wine and beer as they waited in long lines to check-in.
In a sign of a slow return to normal, MGM Resorts’ main website was finally functioning again, although online hotel reservations were still unavailable Friday morning.
“For hotel reservations arriving between September 13 and 17, 2023, we understand your travel plans may have changed, so we are waiving change and cancellation fees,” the website states. ‘Thanks for your patience.’
Meanwhile, the hacker gang ALPHV, also known as BlackCat, spoke out in a lengthy statement on their dark web ransom site on Thursday evening.
Without naming Scattered Spider, ALPHV dismissed reports of that group’s involvement as “rumors,” although they did not explicitly deny Scattered Spider’s involvement.
Long wait times for check-in were observed at ARIA on Thursday evening as MGM hotels in some cases resorted to manually recording guest information
MGM Resorts’ main website was finally functioning again, although online hotel reservations were still unavailable Friday morning
The hackers claimed that they infiltrated MGM’s network on Friday, September 8, and that the initial disruptions to the company’s system last weekend were actually the result of MGM employees frantically disconnecting devices to stop the attack.
“Due to their network engineers’ lack of understanding of how the network functions, network access was problematic on Saturday,” the hackers claimed.
“They then made the decision to take apparently important components of their infrastructure ‘offline’ on Sunday,” the group added.
ALPHV said it launched its ransomware attack on Monday, September 11, encrypting more than 100 bare-metal hypervisors in MGM’s server environment.
The hacker group said it had made “multiple attempts” to contact MGM with ransom demands but had received no response, aside from an unidentified user quietly lurking in the chat room set up to conduct the negotiations .
“We believe MGM will not agree to a deal with Up,” the hackers said. “We still have access to some of MGM’s infrastructure. If no agreement is reached, we will carry out additional attacks.”
“We continue to wait for MGM to grow a pair and contact us as they have clearly demonstrated that they know where to contact us,” ALPHV added.
The group’s claims could not be independently verified.