Ransomware gang ALPHV claims responsibility for MGM Resorts breach

The cyber attack on MGM Resorts International continues to cost the casino and hotel giant money by the minute, experts say, as the first clues about who perpetrated the breach emerged.

The attack, which began on Sunday, knocked out slot machines at ARIA and disrupted hotel room locks in the Bellagio on the Las Vegas Strip, though the full extent of the impact remained unclear.

The main website for MGM Resorts remained down on Wednesday morning, following a ‘cybersecurity incident’ the company says impacted reservations and casino floors in Nevada and seven other states.

The company has remained tight-lipped about the incident, refusing to explicitly acknowledge a breach, but late on Tuesday a Russian-speaking ransomware gang claimed responsibility for the cyberattack.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

Images posted to social media showed slot machines offline at MGM properties on The Strip, following the cyber attack which began on Sunday and remains ongoing 

‘All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,’ the group said, adding that the company ‘was defeated by a 10-minute conversation.’

Such attacks, known as ‘social engineering,’ involve convincing a human target to hand over credentials, such as by posing as an employee who needs a password reset. 

ALPHV does not appear to have mentioned the attack on its dark leak pages, and vx-underground said the information came from direct communications with the hackers.

The malware researchers suggested that the hacker gang’s ransom demands had not been met, writing: ‘In our opinion MGM will not pay.’ 

Vx-underground and MGM Resorts did not immediately respond to inquiries from DailyMail.com on Wednesday morning. 

The FBI told DailyMail.com that it is investigating the incident, adding: ‘As this is an ongoing investigation, we are not able to provide any additional detail.’

Ransomware gangs operate by infiltrating target organizations and encrypting their IT infrastructure, demanding payments which can run into the tens of millions of dollars in exchange for the encryption keys to restore access.

But refusing to pay can also be costly for businesses, running to many millions in lost business as well as remediation efforts to restore access and secure compromised systems.

‘Casinos are an attractive target for cyber extortionists,’ Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told DailyMail.com. 

‘They have the means to pay ransoms and, because downtime is so expensive for them, they may have the motivation to pay too,’ he added.

The main website for MGM Resorts remained down on Wednesday morning, directing visitors to download the MGM Rewards app for dining reservations

The breach continued to wreak havoc for guests at MGM properties on Tuesday, with disruptions hitting reservation systems, video slot machines, and even paid parking systems, according to the Las Vegas Review-Journal.

‘I’m sure they’re losing money every minute, every hour, every day,’ Alex Hamerstone, an advisory solutions director at cybersecurity firm TrustedSec, told the outlet.

MGM Resorts has said the event started Sunday and that it shut down ‘certain systems’ in efforts to protect data. 

It did not call it a cyberattack or specify which systems were affected. It said the impact was felt at properties in Las Vegas and states including Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio. 

Guests have shared stories on social media about not being able to make credit card transactions, obtain money from cash machines and enter hotel rooms using key cards. 

Footage filmed at the ARIA casino showed some video slot machines displaying error or offline messages.

Posts on social media earlier this week showed the disruption on casino floors.

MGM is the biggest employer in Nevada and owns a number of prominent casinos on the Strip, including ARIA, Mandalay Bay, the Bellagio, Luxor and MGM Grand.

The company said in a statement on Monday: ‘MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. 

‘Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. 

‘We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.’

‘Bottom line, our customers are being served,’ company spokesperson Brian Ahern told The Associated Press on Tuesday.