MGM Ransomware Attack: What We Know

Here is everything we currently know about the MGM ransomware attack.

Sep 19, 2023 | Tech Insights

In recent days, the hospitality and entertainment giant MGM Resorts International found itself at the center of a cyber nightmare. What began as a “cybersecurity issue” quickly escalated into a full-blown cyberattack, causing significant disruptions to MGM’s operations. This is what we know about the MGM ransomware attack.

The Initial Discovery

The incident came to light on September 11, 2023, when MGM Resorts released a statement via social media, acknowledging the presence of a “cybersecurity issue” affecting some of its systems. The company immediately launched an investigation and informed law enforcement agencies about the attack.

How It Happened

The attackers allegedly identified an MGM tech employee on LinkedIn and then called the company’s support desk, where they exploited that knowledge to infiltrate the systems. This demonstrates the effectiveness of relatively simple methods in breaching even large and well-protected organizations. The attackers claim it took only a 10-minute conversation to infiltrate MGM’s systems.

Who Were The Attackers?

Two hacking groups have been linked to this attack: Scattered Spider and ALPHV (also known as BlackCat). Scattered Spider is known for its expertise in social engineering, particularly “vishing,” where attackers manipulate victims through phone calls. Their tactics often involve impersonating trusted sources.

ALPHV is a ransomware-as-a-service group that has previously targeted major organizations, including Reddit and Western Digital. While both groups have claimed responsibility for the MGM attack, the exact nature of their involvement remains unclear.

Caesars Paid, MGM Didn’t

In a startling parallel to the MGM Resorts cyberattack, Caesars Entertainment also fell victim to a ransomware attack around the same time. In this case, the attackers, believed to be Scattered Spider, leveraged social engineering tactics to target an outsourced IT vendor and gain unauthorized access to Caesars’ systems. What sets this incident apart is Caesars’ response; the company chose to pay a substantial ransom, reportedly in the tens of millions of dollars, to the hackers to prevent them from exposing the compromised data. Caesars sought to safeguard sensitive customer information, such as driver’s license numbers and social security numbers, although it claimed that critical data like passwords and payment card information remained secure.

The Impact

The fallout from the attack has been substantial. MGM Resorts had to shut down computer systems across its properties, causing disruptions that affected guests in multiple ways. Slot machines, digital key cards, ATMs, and payment systems were all crippled. Guests were forced to endure lengthy check-in processes, and the company’s website and mobile app were offline for an extended period. MGM Resorts is actively working with cybersecurity experts to resolve the situation. While the extent of the breach and the exact demands of the attackers remain undisclosed, the company has taken measures to mitigate the impact, including in-person checkouts and providing physical room keys to guests. Nonetheless, the inconvenience and financial repercussions are significant. Caesars is currently facing a lawsuit, and it’s not unlikely that MGM could find itself in a similar legal situation.

Update 9/26: MGM Resorts recently announced its complete return to normal operations as of September 21. However, the company now finds itself entangled in legal troubles, facing class action lawsuits filed in U.S. District Court in Nevada. These lawsuits allege that MGM was negligent and profited unfairly by not adequately safeguarding the personal information of its customers. Both plaintiffs argue that MGM should have been aware of the potential risks, as Okta had previously issued warnings about being a repeated target for social engineering attacks. Despite these warnings, MGM failed to take the necessary actions to protect its customers’ data.

Lessons to Learn

The MGM ransomware attack serves as a stark reminder of the evolving nature of cyber threats. It underscores the critical role of social engineering in modern cyberattacks and highlights that even the most prominent organizations can fall victim to relatively simple tactics.

In the face of such threats, organizations must continue investing in cybersecurity measures while also educating their employees about the risks of social engineering. Most data breaches are caused by people, so we cannot emphasize enough how important it is to train your employees! While it is important to train your employees, it is equally important to have robust incident response plans in place to minimize disruptions and financial losses.
