A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the hospitality and entertainment giant has yet to restore most of the affected systems.
It’s unclear exactly how long the hackers had access to the company’s systems, but the attack was revealed on September 10, and the next day MGM released a statement saying it had been forced to shut down many systems due to a cybersecurity issue.
The incident impacted MGM’s website, casinos and systems used for email, restaurant and hotel reservations, and even digital hotel room keys.
Vx-underground, a research organization providing malware samples and threat intelligence, reported on Wednesday that the ransomware group named ALPHV (aka BlackCat), specifically one of its subgroups, has took credit for the attack.
The hackers told Vx-underground that they gained initial access to MGM Resorts’ systems through social engineering.
“All the ALPHV ransomware group did to compromise MGM Resorts was go to LinkedIn, find an employee, and then call the help desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” Vx-underground said in a post on X, formerly Twitter.
There is no mention of MGM on the ALPHV leak website, but victims are typically only named on the site when negotiations with cybercriminals fail or become bogged down.
In addition to encrypting files, hackers typically steal valuable information from compromised systems in an attempt to pressure the victim into paying.
Reuters has learned from sources that a menacing group known as the Scattered Spider is behind the attack on MGM.
Scattered Spider, also known as 0ktapus and UNC3944, has previously been described by cybersecurity researchers as a ALPHV ransomware affiliate. This financially motivated group is known for targeting mobile phone operators, cryptocurrency companiesas well as Twilio, Cloudflare and many other organizations spreading phishing messages via SMS.
Spider scattered, according to Bloombergalso hacked casino giant Caesars Entertainment, allegedly paying tens of millions of dollars to cybercriminals.
The MGM Resorts website and many other systems that were taken offline in response to the attack have not yet been restored.
MGM has deposit a Form 8-K with the U.S. Securities and Exchange Commission (SEC) regarding the cyberattack, which indicates that the incident may have a material impact on the company.
Ratings agency Moody’s said the incident could have a negative effect on MGM’s credit rating. The breach also impacted MGM Stock.
Last year, the online sports betting company owned by MGM Resorts BetMGM suffered a data breachhackers claiming to have stolen the information of 1.5 million customers.
Related: Cybersecurity Companies Report Increase in Ransomware Attacks
Related: Ransomware group begins leaking data from Japanese watch giant Seiko
Related: ALPHV ransomware operators put pressure on victim with dedicated leak site