MGM Resorts breach is costing the casino giant ‘every minute’ after hacker gang known as BlackCat infiltrated them in 10 MINUTES using an employee’s name and a phone call

US
By James

The cyberattack on MGM Resorts International continues to cost the casino and hotel money by the minute, experts say, as the first clues emerge about who committed the breach.

The attack, which began Sunday, took out slot machines at ARIA and disrupted hotel room locks at the Bellagio on the Las Vegas Strip, although the full extent of the impact remained unclear.

MGM Resorts’ main website remained offline Wednesday morning after a “cyber security incident” that the company said affected reservations and casino floors in Nevada and seven other states.

The company remained tight-lipped about the incident, refusing to explicitly acknowledge a breach, but on Tuesday evening a Russian-speaking ransomware gang claimed responsibility for the cyberattack.

The hacker gang ALPHV, also known as BlackCat, said they had breached the gaming giant with a simple phone call, according to a post on X from the malware repository vx-underground.

The cyber attack on MGM Resorts International continues to cost the casino and hotel giant money by the minute, while a Russian-linked hacker gang claims responsibility

Images posted to social media showed slot machines offline at MGM properties on The Strip, following the cyberattack that began Sunday and is still ongoing

Images posted to social media showed slot machines offline at MGM properties on The Strip, following the cyberattack that began Sunday and is still ongoing

“All the ALPHV ransomware group did to compromise MGM Resorts was jump on LinkedIn, find an employee, and then call the helpdesk,” the group said, adding that the company “was defeated by a 10-minute call .’

Such attacks, known as ‘social engineering’, involve convincing a human target to hand over credentials, for example by posing as an employee who needs to reset a password.

ALPHV does not appear to have mentioned the attack on its dark leak pages, and vx-underground said the information came from direct communications with the hackers.

The malware researchers suggested that the hacker gang’s ransom demands had not been met, writing: “In our opinion, MGM will not pay.”

Vx-underground and MGM Resorts did not immediately respond to questions from DailyMail.com on Wednesday morning.

Ransomware gangs operate by infiltrating target organizations and encrypting their IT infrastructure, demanding payments that can run into the tens of millions of dollars in exchange for the encryption keys to restore access.

But refusing to pay can also be costly to companies, costing many millions in lost business as well as remediation efforts to restore access and secure compromised systems.

“Casinos are an attractive target for cyber extortionists,” Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.

“They have the means to pay the ransom and because downtime is so expensive for them, they may also have the motivation to pay,” he added.

MGM Resorts International President and CEO Bill Hornbuckle is seen above. The breach continued to wreak havoc on Tuesday for guests at MGM properties

MGM Resorts International President and CEO Bill Hornbuckle is seen above. The breach continued to wreak havoc on Tuesday for guests at MGM properties

MGM Resorts' main website remained offline Wednesday morning, directing visitors to download the MGM Rewards app for dining reservations

MGM Resorts’ main website remained offline Wednesday morning, directing visitors to download the MGM Rewards app for dining reservations

The breach continued to wreak havoc on guests at MGM properties on Tuesday, with disruptions affecting reservation systems, video slot machines and even paid parking systems, according to the Las Vegas Review-Journal.

“I’m sure they’re losing money every minute, every hour, every day,” Alex Hamerstonea director of consulting solutions at cybersecurity firm TrustedSec, told the outlet.

The FBI on Tuesday labeled the investigation as ongoing but said no further information was available.

MGM Resorts said the event started Sunday and that it has disabled “certain systems” in efforts to protect data.

It did not call it a cyberattack or specify which systems were affected. It said the impact was felt at properties in Las Vegas and states including Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio.

Guests have shared stories on social media about not being able to complete credit card transactions, not being able to withdraw money from ATMs and not being able to enter hotel rooms with key cards.

Footage filmed at the ARIA casino showed some video slot machines displaying error or offline messages.

Posts on social media earlier this week showed the disruption on casino floors

Posts on social media earlier this week showed the disruption on casino floors

Posts on social media earlier this week showed the disruption on casino floors

MGM is the largest employer in Nevada and owns a number of prominent casinos on the Strip, including ARIA, Mandalay Bay, the Bellagio, Luxor and MGM Grand.

The company said in a statement Monday: “MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems.

“Immediately after discovering the issue, we quickly launched an investigation with the assistance of leading external cybersecurity experts.

“We also notified law enforcement and took immediate action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing and we are working hard to determine the nature and extent of the case.”

“The bottom line is that our customers are served,” company spokesman Brian Ahern told The Associated Press on Tuesday.

You might also like More from author