The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage on Tuesday, and it apparently took the group only 10 minutes on a phone call to glean the information needed to shut down systems and slot machines — not the slot machines! — at casinos owned by MGM Resorts.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organization wrote in a post on X. Those details came from ALPHV but have not been independently confirmed by security researchers.
MGM Resorts didn’t respond to a request for comment but said on Tuesday that “Our resorts, including dining, entertainment and gaming, are currently operational.”
Sept 13 (Reuters) - MGM International (MGM.N) and Caesars Entertainment (CZR.O) were both allegedly hacked by the same group, called Scattered Spider, Bloomberg News reported on Wednesday, citing four people familiar with the matter.
Scattered Spider, also known as UNC3944, comprises hackers based in the United States and UK and has previously targeted telecommunications and business process outsourcing companies, the Bloomberg report added.
The hackers started targeting Caesars as early as Aug. 27, according to the people. The group had also demanded a ransom from MGM, while the casino operator's systems stayed paralyzed for a third day. Scattered Spider may have worked with ALPHV on the MGM hack, the report said, citing sources.
MGM and Caesars did not immediately respond to Reuters requests for comment.
The FBI said it was investigating the MGM hack. The rating agency Moody's warned the incident could negatively impact MGM's credit rating.
Five days after a cyberattack crippled operations of MGM Resorts International, including its signature Las Vegas properties the Bellagio and the MGM Grand, the company said Thursday morning it is still working to resolve issues as another major resort operation, Caesars Entertainment, acknowledged it was also the target of a cyberattack.
Hackers struck MGM Resorts on Sunday morning, rendering doors to the chain's casinos and hotels unusable. Slot machines and ATM machines were also inoperable, elevators were out of order and customers had to wait hours to check into rooms. Even the company's website remains down.
"We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly," MGM Resorts said a statement Thursday. "We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."
But for MGM Resorts Las Vegas visitors like Walter Haywood, patience is running out.
MGM Resorts has acknowledged the attack but has released no details on how it occurred or who might be responsible.
The company said it "took prompt action to protect our system and data, including shutting down certain systems."
The FBI said it is investigating the attack and has been in contact with the chain since Sunday.
The Cybersecurity and Infrastructure Security Agency, which is part of the U.S. Department of Homeland Security, announced on Thursday that it is in contact with MGM Resorts "to understand the impacts of their recent cyber incident."
"We are also offering any necessary assistance should the organization need or request it," the CISA said in a statement.
Nevada Gov. Joe Lombardo and the Nevada Gaming Board released a joint statement, saying they are "monitoring the cybersecurity incident with MGM Resorts and are in communication with company executives."
"Additionally, the Nevada Gaming Control Board remains in communication with other law enforcement agencies," the statement from Lombardo and the gaming board said.
VX-Underground -- a research group boasting the largest collection of malware source code, samples and papers on the internet -- posted to X that the ransomware group "ALPHV," also known as Black Cat, is allegedly is behind the MGM cyberattack. Authorities have not confirmed the report.
"All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation," VX-Underground said.
Bloomberg News reported Wednesday that the same ransomware group is responsible for a cyberattack this month on Caesars Entertainment Inc. and that the company paid "millions" to get its data back.
Caesars Entertainment -- which runs more than 50 resorts including, Caesars Palace and Harrah's in Las Vegas -- acknowledged the attack occurred on Sept. 7 in a filing Thursday with the U.S. Securities Exchange Commission.
"Caesars Entertainment Inc. recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company," Caesars said in its SEC Form 8-K filing.
While the company said it did not pay a ransom, it noted that "we have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined."
Caesars Entertainment, according to the filing, said its investigation determined that hackers acquired a copy of its loyalty program database, which includes driver’s license numbers and Social Security numbers "for a significant number of members in the database."
Caesars added, "We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result."