A known ransomware gang has taken credit for the highly disruptive attack on MGM Resorts, and the hospitality and entertainment giant has yet to restore many of the impacted systems.
It’s unclear for how long hackers had access to the company’s systems, but the attack came to light on September 10, and the next day MGM issued a statement saying it was forced to shut down many systems due to a cybersecurity issue.
The incident has impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys.
Vx-underground, a research organization providing malware samples and threat intelligence, reported on Wednesday that the ransomware group named ALPHV (aka BlackCat), specifically one of its subgroups, has taken credit for the attack.
The hackers told Vx-underground that they gained initial access to MGM Resorts systems using social engineering.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” Vx-underground said in a message posted on X, formerly Twitter.
There is no mention of MGM on the ALPHV leak website, but victims are typically only named on the site when negotiations with the cybercriminals fail or stall.
In addition to encrypting files, the hackers typically steal valuable information from compromised systems in an effort to pressure the victim into paying up.
Reuters has learned from sources that a threat group tracked as Scattered Spider is behind the attack on MGM.
Scattered Spider, also known as 0ktapus and UNC3944, was previously described by cybersecurity researchers as an ALPHV ransomware affiliate. The financially motivated group has been known to target mobile carriers, cryptocurrency firms, as well as Twilio, Cloudflare and many other organizations with SMS-based phishing messages.
Scattered Spider, according to Bloomberg, also hacked casino giant Caesars Entertainment, which has reportedly paid tens of millions of dollars to the cybercriminals.
The MGM Resorts website and many other systems that were taken offline in response to the attack have yet to be restored.
MGM has filed an 8-K form with the US Securities and Exchange Commission (SEC) regarding the cyberattack, which indicates that the incident may have a material impact on the company.
Rating agency Moody’s said the incident could have a negative effect on MGM’s credit rating. The breach has also had an impact on MGM shares.
Last year, MGM Resorts-owned online sports betting company BetMGM suffered a data breach, with hackers claiming to have stolen the information of 1.5 million customers.
Related: Cybersecurity Companies Report Surge in Ransomware Attacks
Related: Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko
Related: ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site