MGM Continues Navigating Cyber Attack After Caesars Entertainment Pays Ransom
Sin City is struggling to get back online after a string of cyber security attacks shut down major hotels last week.
Last Monday, global chain MGM Resorts International announced that it was dealing with a “cybersecurity issue” that was affecting some of its online operations. In response, the casino said that it would be shutting down some of its systems to “protect our systems and data.” The implications of moving into manual mode included hotel and digital room keys not working, shut down slot machines, and inoperable ATMs. A number of the websites for properties across the globe also went offline for a period of time.
Visitors were left standing in long lines and unable to operate slot machines or enjoy casino offerings. Those who were able to play some games had to have Casino attendants manually withdraw Casino winnings. Workers also shifted to manual mode as they physically took down information for visitors checking in and checking out of the casino.
According to reporting from Vox, the group Scattered Spider is believed to be responsible for the attack against MGM. This group specializes in social engineering attacks, a method in which hackers prey on the vulnerabilities of individuals rather than systems to gain access to a network. The group is believed to be composed of older teens and young adults based throughout the U.S. and the U.K.
It's believed that an individual with the group was able to hack the MGM system through a phone call with a help desk worker at the casino chain. Vishing —or gaining sensitive Information from a target through a convincing phone call— was the method by which the hackers were able to get into MGM’s digital operations. The group allegedly impersonated an MGM employee after finding their information on LinkedIn and obtained credentials into the system after speaking with MGM’s IT help desk.
According to the Financial Times, an individual with Scattered Spider is demanding a crypto payment in order to release MGM's stolen encrypted data. MGM shared that at this point, they have not engaged with the hackers about paying the ransom.
Reports indicate that MGM Resorts could be losing anywhere from $4.2 million to $8.4 in daily revenue and an estimated $1 million in cash flow for every day that they are under attack.
Following reports of MGM's attack, rival casino and restaurant chain Caesars Entertainment shared that it was also the victim of a ransomware attack days before MGM was attacked.
Caesars Entertainment Quarterly had sensitive data encrypted by hackers demanding a 30 million ransom. Caesars Entertainment eventually paid the ransom, but negotiated it down to $15 million.
The Securities and Exchange Commission requires that victims of a cyber attack must file a Form 8-K and report the attack within four days of the “material” event. Despite confirming the attack on September 7th, Caesars Entertainment did not file form 8-K until a week after. In its filing, Caesars Entertainment explained that an “outsourced IT support vendor” conducted a social engineering attack that resulted in the loss of sensitive data about members affiliated with its customer loyalty program.
Though the MGM Cyber attack followed a similar M.O. as the attack on Caesars Entertainment hotels and casinos, Scattered Spider alleges that it was not behind the Caesars attack.
While there is no federal law that prohibits an individual from paying a ransom, especially in the case of a cyber-attack, targets like MGM or Caesars Palace that pay out on a ransom could be subjected to legal action from victims whose data was stolen.
However, federal cybersecurity laws do have guidelines on how to prevent and respond to a ransomware attack. Alerting the proper authorities and securing networks are the first steps in adhering to federal law.
The FBI is currently investigating the attack against MGM Resorts, and the casino maintains that it will “continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” adding, “We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."