UPDATED 20:00 EDT / SEPTEMBER 21 2023

SECURITY

Services at MGM Resorts restored following ransomware attack

Services at hotels and casinos owned by MGM Resorts International Inc. have been at least mostly restored following a ransomware attack that crippled services provided by the company last week.

The cyberattack was first detected on Sept. 10 and affected systems, including websites, online reservations, ATMs, credit card machines and MGM Resorts across the U.S. In Las Vegas, it was reported that the attack also affected slot machines and room key systems.

To this point, MGM has still not formally disclosed the form of what the company still described as a “cybersecurity issue.” But a report on Sept. 13 linked the attack to the ALPHV/BlackCat ransomware group. VX-Unground, a malware research group, claimed on X (formerly Twitter) that the ransomware group compromised the company by calling the MGM Resorts helpline and undertaking a 10-minute conversation.

Other reports have since linked the attack to a group going by the name of “Scatter Spider,” the same group that was linked to a similar attack on casino operator Caesars Entertainment Inc. earlier this month. According to a report on Sept. 14, Scatter Spider, also known as UNC3944, is an affiliate of ALPHV/BlackCat.

Ransomware affiliates collaborate with ransomware creators, in this case, ALPHV/BlackCat, by deploying the ransomware within victim networks and are sometimes responsible for specific tasks like data theft or extortion based on their expertise.

In a statement on X on Sept. 20, MGM Resorts said services in its hotel and casinos are now operating normally — though one reporter said she still couldn’t book a room there.

The attack on MGM Resorts has drawn widespread attention to the problem of ransomware attacks and the need to enhance cybersecurity measures.

“The recent cyberattack on MGM Resorts International unveiled the significant deficiencies in the company’s cyber infrastructure and training, paralyzing key sectors of the business,” Lisa Plaggemier, executive director at the non-profit security awareness and educational organization National Cybersecurity Alliance, told SiliconANGLE. “This incident starkly emphasizes the pressing need for robust investment in cyber infrastructure, including regular security audits and thorough employee training programs, to fortify defenses and effectively combat future cyberthreats. Without such measures, the risk of extensive downtime and financial losses remains a looming threat.”

Photo: Zereshk/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.

Cookies

We employ the use of cookies. Find out more.