ALPHV, also known as BlackCat, has been identified as the ransomware group responsible for the recent cyber attack that resulted in the shutdown of MGM Grand casinos this past Monday. This revelation comes from a report by the malware archive vx-underground. Vx-underground contends that ALPHV penetrated MGM Resorts International’s systems in just 10 minutes using social engineering, causing extensive disruptions across MGM properties throughout the United States.
Vx-underground asserts that the ransomware group’s infiltration of MGM’s computer systems followed a straightforward three-step process. According to a Twitter post by the organization, the attack entailed the following actions: “To compromise MGM Resorts, all ALPHV ransomware group did was to utilize LinkedIn to identify an employee and subsequently make contact with the Help Desk.” It is astonishing to note that a company with an estimated value of $33,900,000,000 fell victim to a mere 10-minute conversation.
Vx-underground has indicated that MGM Grand appears to have resisted the ransomware group’s demands, stating, “In our opinion, MGM will not pay.”
MGM Grand, in response to outage reports, promptly implemented security measures to safeguard its systems and launched an ongoing investigation into the extent of the attack. The full scope of the incident remains unclear, but according to an MGM spokesperson speaking to AP News, the impact extended beyond Las Vegas, affecting reservation systems and casino operations in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
The FBI has acknowledged the incident and issued a statement confirming that it is an “ongoing” matter. MGM Resorts, in a statement released on Monday night, said that its dining, entertainment, and gaming facilities are operational and that guests will be able to access their hotel rooms, notwithstanding previous reports of hotel key card malfunctions.
The cybersecurity issues not only caused delays for guests checking in but also resulted in error messages on slot machines, disruptions to paid parking systems, and the unavailability of the company website, which continues to display an error message as of Wednesday. MGM’s booking site is similarly inaccessible, with customers being advised to contact customer support for assistance.
David Kennedy, CEO of the cybersecurity company TrustedSec, expressed little surprise regarding the MGM hack, remarking, “Casinos are hot right now,” and noting that he has responded to numerous cyberattacks targeting casinos.
Brett Callow, a threat analyst at Emsisoft, a cybersecurity firm, highlighted that casinos are considered “obvious candidates” for ransomware operators due to their financial resources and high downtime costs, which may increase the likelihood of them paying ransoms.
The FBI has previously cautioned both physical and online casinos about the growing threat of cyberattacks, which have affected several casinos in recent years. In 2017, hackers used a fish tank to compromise a North American casino by exploiting sensors connected to an internal PC responsible for regulating the tank’s temperature, food, and cleanliness. While the casino’s name and the nature of the data stolen were not disclosed, The Washington Post reported that the hackers transmitted 10 gigabytes of data to a device in Finland.