Group Claims Credit For MGM Cyberattack; Caesars Confirms Earlier Attack
Chaos hit the Las Vegas Strip and elsewhere earlier this week when a cyberattack shut down casino operations at various MGM Resorts International properties, affecting tens of thousands of guests at some of the busiest resorts in the country. Several days later, things are returning to normal at those casinos.
On Sept. 10, casino guests began posting photos and clips of slot machines shut down and other operational issues at MGM casinos. The next day, MGM reported a "cybersecurity issue affecting some of the Company's systems."
Issues at various MGM casinos continued throughout the week as the Federal Bureau of Investigation (FBI) was pulled in to investigate.
On Sept. 12, MGM posted an update stating that "our resorts, including dining, entertainment, and gaming are currently operational, and continue to deliver the experiences for which MGM is known."
Still, guests continued to report issues as videos of long check-in lines and inactive slots made the rounds on social media.
Scattered Spider Claims Credit
On Sept. 14, Scattered Spider, a subgroup of the ALPHV ransomware gang, claimed credit for the cyberattack, demanding a ransom from MGM and threatening to carry out additional attacks.
"We still continue to have access to some of MGM's infrastructure," Scattered Spider wrote in a statement shared to X by @LasVegasLocally. "If a deal is not reached, we shall carry out additional attacks. We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us."
By Friday, five days after the reported cyberattack, things at Las Vegas casinos had largely returned to normal.
"We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly," MGM wrote in a Sept. 14 statement. "We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."
The websites for MGM Resorts and its properties were down for several days as a result of the cyberattack. As of Friday afternoon, those websites were once again operational.
Caesars Paid Ransom In Earlier Cyberattack
The cyberattack on MGM Resorts International also revealed information about an earlier attack on another Las Vegas gaming giant, Caesars Entertainment.
In a US Securities and Exchange Commission (SEC) filing this week, Caesars Entertainment disclosed that it was the victim of a cyberattack earlier this month by a group demanding $30 million in ransom. A source told CNBC that Caesars agreed to pay about half of that, which would be around $15 million.
"We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter," the SEC filing states. "The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by our cybersecurity insurance or potential indemnification claims against third parties, has not been determined. Although we are unable to predict the full impact of this incident on guest behavior in the future, including whether a change in our guests’ behavior could negatively impact our financial condition and results of operations on an ongoing basis, we currently do not expect that it will have a material effect on the Company’s financial condition and results of operations."
The cyberattacks do not appear to be directly related as a Scattered Spider representative told the tech outlet TechCrunch it had “no involvement” in the Caesars attack.