The ransomware group, ALPHV also known as BlackCat, is reportedly behind the cyber attack that shut down MGM Grand casinos on Monday, according to a report by malware archive vx-underground. The archive claims ALPHV was able to social-engineer their way into the company’s systems in 10 minutes, effectively shutting down MGM Resorts International properties across the U.S.
The ransomware group allegedly took hold of MGM’s computer systems in three simple steps, according to vx-underground. “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organization wrote in a Twitter post. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” it added.
Vx-underground suggested that MGM Grand has not met the ransomware gang’s demands, writing: “In our opinion, MGM will not pay.”
MGM Grand said in a Twitter post on Monday that it had taken immediate steps to secure its systems after receiving outage reports. An investigation is still underway and the extent of the attack remains unknown but an MGM spokesperson told AP News that it not only affected Las Vegas reservation systems and casino floors but also included locations in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
The FBI is “aware of the incident,” the bureau said in a statement to the outlet, adding that the event is “still ongoing.” MGM Resorts issued a statement on Monday night saying its dining, entertainment, and gaming are operational and guests will be able to access their hotel rooms following reports that hotel key cards had stopped working.
The cybersecurity issues also reportedly delayed customers from checking in, prompted slot machines to display error messages, shut down paid parking systems, and affected the company website, which is still showing an error message as of Wednesday. Likewise, MGM’s booking site is down, telling customers to reach out to customer support with any questions.
“We’re aware that some customers are experiencing issues,” the site says. “Please know that our teams are working hard to get everything up and running, and we will update you once we’re fully restored.”
David Kennedy, chief executive officer of the cybersecurity company TrustedSec, told Bloomberg he wasn’t surprised by the MGM hack. “Casinos are hot right now,” he said, adding that he has responded to dozens of casino cyberattacks.
Brett Callow, a threat analyst at Emsisoft, a cybersecurity company, told the outlet that casinos are “an obvious candidate” for ransomware operators. “They have money and their downtime costs are high, which may mean they’re more likely to pay,” he said.
The FBI has warned in-person and online casinos of a rising threat of cyberattacks that affected several casinos in recent years. In 2017, hackers used a fish tank to hack a North American casino by using sensors that were connected to an internal PC that regulated the tank’s temperature, food, and cleanliness. The casino’s name and type of data stolen were not disclosed, but The Washington Post reported at the time that the hackers sent 10 gigabytes of data to a device in Finland.
MGM Resorts was similarly attacked in a 2019 breach that exposed data and information of roughly 10.6 million customers and earlier this month, the North Korean group, Lazarus, stole $41 million in virtual currency from the online casino and betting platform, Stake.com.