10-minute call and millions paid in ransom


MGM Resorts in Las Vegas, Nevada, in the US continues to work to restore services after a cyberattack that shut down systems across its properties. The hotel and entertainment giant, which operates a number of hotels and casinos on the Las Vegas Strip, was hit by a cyberattack that reportedly put ATMs, slot machines, digital room key cards and electronic payment systems out of order.

Days after the attack was first reported, new details have come out which suggest that hackers were paid millions as ransom. Here are some details of the cyberattack.

When was the cyberattack reported

Reports about the hack began to pour in from September 11, when the attack knocked out slot machines and disrupted hotel room locks at the ARIA and Bellagio hotels, both owned by MGM Resorts.

The outage rolled into its fourth day on Thursday (September 15) even as MGM said in an update on X (formerly Twitter) that the company was working to “resolve our cybersecurity issue.”

Apart from casinos and ATMs, TV services and phone lines have reportedly also been affected. The disruption reportedly originated from a “social engineering attack” on the company’s outsourced IT support vendor.

15 million ransom paid

Caesars Entertainment, a casino and hotel entertainment company, confirmed the data breach on September 15. It said that the hacking led to a leak of information, including details from its loyalty program database.

The company said hackers accessed details, including driver’s licence numbers and possibly social security numbers, for a “significant number of members in the database”.

“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” Caesars said in its latest regulatory filing.

According to a report by the Wall Street Journal, Caesars paid roughly half of a $30 million ransom that hackers demanded after a cyberattack late this summer to stop hackers releasing its data.

The members of the hacking group, who are reportedly located in the US and the UK and are as young as 19 years old, began targeting Caesars as early as August 27.

ALPHV/BlackCat group claims responsibility

The ALPHV/BlackCat ransomware group has claimed responsibility for the MGM Resorts cyber outage, according to a post by malware archive vx-underground.

The group claims it used common social engineering tactics, that is, gaining the trust of employees to obtain inside information, to try to get a ransom out of MGM Resorts. However, the company reportedly refused to pay.

10-minute phone call led to hacking

The group claimed that the conversation that granted initial access took just 10 minutes.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organisation wrote in a post on X. The group is said to have a ‘nasty reputation’ and is well known for its social engineering tactics.

According to a report by the US Securities and Exchange Commission, Caesars was compromised at around the same time as MGM, and the same technique was used in both attacks.
