MGM hackers waited for days before issuing their ransom demands


An exterior view of Park MGM hotel and casino, after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, US, on Sept 13, 2023. MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. — Reuters

MGM Resorts International chief executive officer Bill Hornbuckle chose not pay a ransom to hackers who broke into his casino chain’s computer system because they didn’t ask for money until well after the company discovered the attack.

The intruders moved through MGM’s systems for several days before sending a ransom note, Hornbuckle said in an interview Tuesday. The attack was so far along and the company had already begun rebuilding systems that were pulled offline that Hornbuckle chose to not even respond to the hackers.

“I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned – we’re not paying these bastards’,” Hornbuckle said. “The reality is because we caught this so early and we were on them.”

MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. The company tried to shut down systems before the attackers could steal any data, but they ultimately got into the corporate Domain Name System (DNS) layer, which helps run all of a company’s applications and can be used to deploy malware.

“They had gotten into the arteries to the heart so they could choke things off,” Hornbuckle said.

Management created a war room that included executives, IT professionals, lawyers and cybersecurity consultants. Employees working with guests began operating in manual mode, writing down customers’ names and credit-card info on clipboards at check-in. Slot machine patrons were paid out in cash by attendants rather than via paper vouchers.

It wasn’t until days later that the hackers sent a ransom note. By that point, the attackers were knocking core systems offline, including payroll, purchasing and phones, and a booking system that handles 20,000 reservations a day.

“Literally everything was out,” Hornbuckle said. “They clearly got wind of what we were doing and closed us down in the balance.”

Scattered Spider, a group of young men based in the US and the UK, is believed by cybersecurity experts to have instigated the MGM attack, as well as a similar incursion at rival Caesars Entertainment Inc.

After the MGM attack, Caesars confirmed it paid a ransom to hackers. Hornbuckle said he wasn’t aware of the Caesars breach until after MGM was hit. He declined to disclose the amount of the ransom demand.

The incident will reduce MGM’s third-quarter earnings by about US$100mil (RM472.65mil) and add US$10mil (RM47.26mil) to expenses, most of which will be covered by insurance.

“I can only imagine what next year’s bill will be,” Hornbuckle said on a panel Tuesday at the Global Gaming Expo, a trade show in Las Vegas.

Four weeks in, the casino giant’s systems are fully operational, apart from one server relating to loyalty points, Hornbuckle said. He’s also glad he made the decision not to pay.

“They’re not hanging over us with our database in their hand or ultimately the keys to the empire,” he said. “And so we feel great about that part.” – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

The war on wildfires is going high-tech
Opinion: Why I’m getting rid of my smartwatch
How smartphones powered the AI boom in 2024
Japan Airlines hit by cyberattack, causing some delays to its flights
'Marvel Rivals' climbs gamer charts in win for NetEase, Disney
How Finnish youth learn to spot disinformation
Opinion: In sunny Tahoe, a hollow-eyed tech billionaire pretends to be normal
An Apple AI blunder messed up headline summaries so badly some want the feature pulled
Google proposes altering contracts to correct illegal search monopoly
As elder fraud explodes, banks in the US beat back duty to call cops

Others Also Read