The cyberattack that brought MGM Grand casinos to a standstill has been attributed to the ransomware group known as ALPHV, also referred to as BlackCat, as reported by malware archive vx-underground. According to the archive, ALPHV managed to infiltrate the company's systems through social engineering in a mere 10 minutes, effectively paralyzing MGM Resorts International properties across the United States.
Vx-underground outlined the three simple steps taken by the ALPHV ransomware group to compromise MGM's computer systems. In a Twitter post, they explained, "All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk." They added, "A company valued at $33,900,000,000 was defeated by a 10-minute conversation."
Vx-underground also suggested that MGM Grand has not acquiesced to the ransomware gang's demands, stating, "In our opinion, MGM will not pay."
MGM Grand promptly took measures to secure its systems upon receiving reports of the outage, as stated in a Twitter post on Monday. An investigation is underway, and the full extent of the attack remains uncertain. An MGM spokesperson informed AP News that the incident impacted not only Las Vegas reservation systems and casino floors, but also locations in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
The FBI confirmed that it is aware of the incident, asserting that the situation is still ongoing. MGM Resorts issued a statement on Monday night assuring that dining, entertainment, and gaming operations are functional, and guests will regain access to their hotel rooms, despite reports of malfunctioning key cards.
The cybersecurity breach caused further disruptions, including delays in customer check-ins, error messages on slot machines, halted paid parking systems, and a malfunctioning company website, which continues to display an error message as of Wednesday. Similarly, MGM's booking site remains inaccessible, directing customers to contact support for assistance.
"We're aware that some customers are experiencing issues," the site states. "Please know that our teams are working hard to get everything up and running, and we will update you once we're fully restored."
David Kennedy, CEO of cybersecurity company TrustedSec, expressed little surprise at the MGM hack, emphasizing the heightened vulnerability of casinos. "Casinos are hot right now," he remarked, citing numerous cyberattacks on casinos he has encountered.
Brett Callow, a threat analyst at Emsisoft, a cybersecurity company, echoed the sentiment, deeming casinos an "obvious candidate" for ransomware operators due to their substantial financial stakes and high downtime costs, making them more inclined to consider ransom payments.
The FBI has previously cautioned both physical and online casinos about the escalating threat of cyberattacks, which have targeted several casinos in recent years. In a notable case from 2017, hackers ingeniously used a fish tank to infiltrate a North American casino, exploiting sensors connected to an internal PC managing the tank's environment. Although the casino's identity and the nature of the stolen data were undisclosed, The Washington Post reported that the hackers transmitted 10 gigabytes of data to a device in Finland.