Caesars Entertainment & MGM hit by ransomware
Within the last few weeks, both organizations were hit by a ransomware attack.
Payment Made
Caesars Entertainment reportedly paid in the neighborhood of “10’s of millions” to get their data back. No official reports have been released yet but are soon expected.
How protected are you?
What are you, or your company, doing to ensure you’re safe against ransomware attacks? Are you unsure or uneasy with your current Disaster Recovery platform? Email us today and get the conversation started with our team about how we can help ensure your data and systems stay protected.
News > Cyber-Attacks > CA-General
by Kevin Wood
Caesars Entertainment, MGM both impacted by ransomware
Multi-billion dollar organizations hit by ransomware
In a hit against the casino and gaming industry, both Caesars Entertainment and MGM Resorts were affected by ransomware, the former reportedly making a payment to hackers to conceal data and protect their company.
A few weeks ago, Caesars Entertainment was infiltrated by a ransomware hacker who used their access to download a lot of sensitive information from the company. The attack officially began a few days before the beginning of September and was detected soon after, but it was too late.
Analysts are reporting the hacking group behind the attack is claiming receipt of a payment in the number of 10’s of millions of dollars. While there is no official word from Caesar Entertainment right now, they’re likely to file a form with regulators soon divulging the details on the hack and any subsequent payment.
Originally, a 3rd party vendor who works with Caesars Entertainment was infiltrated which then allowed the attackers to gain access to their company resources.
With a net revenue of $5.7 billion in the first two quarters, it’s no wonder Caesars Entertainment would pay a ransom in order to keep their data private and secure. The trouble is – did the hackers really delete all of their data or are they going to extort them for more money later?
MGM Resorts reports being hit by ransomware
In a Wednesday filing with the SEC (Securities and Exchange Commission), MGM Resorts reported a recent cyber-attack against their company. The attack caused a system outage at their main headquarters as well as their properties and websites.
“MGM Resorts recently identified a cybersecurity issue affecting certain of the company’s systems,” an MGM spokesperson said in a statement.
“Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The company will continue to implement measures to secure its business operations and take additional steps as appropriate.”
In a confirmed report, the Bellagio in Las Vegas had no access to their computer systems, including their credit card machines. Everything needed to be done manually – something that is effectively a foreign language in terms of today’s dependence on technology.
The website mgmresorts.com was also experiencing issues, displaying a message that the website is unavailable and giving patrons phone numbers for the different locations and services.
MGM Resorts refused to respond at the moment, most likely too involved in the investigation. They did, however, post on their social media about the outage and it’s affects.
As with other recent reports, the group ALPHV (also known as BlackCat) claimed responsibility for the attack, boasting about it on social media. They reported that they used LinkedIn to identify an employee at MGM Resorts that worked in IT. They then called into the company help desk and spoke with someone for approximately 10 minutes.
While this is all speculation and reports by a ransomware group, ALPHV is historically not known to lie about attacks, and the severity of it. We’ll continue to monitor the progress and follow any reports by MGM Resorts or it’s representatives.
“MGM Resorts recently identified a cybersecurity issue affecting certain of the company’s systems,” an MGM spokesperson said in a statement.
- Caesars Entertainment brought in $5.7 billion in net revenue in the first two quarters
- MGM Resorts reported $13.1 billion in revenue in 2022
- It’s likely that, if ALPHV is behind the attack, they’ll request a substantial ransom payment