MGM hackers waited for days before issuing their ransom demands


An exterior view of Park MGM hotel and casino, after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, US, on Sept 13, 2023. MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. — Reuters

MGM Resorts International chief executive officer Bill Hornbuckle chose not to pay a ransom to hackers who broke into his casino chain’s computer system because they didn’t ask for money until well after the company discovered the attack.

The intruders moved through MGM’s systems for several days before sending a ransom note, Hornbuckle said in an interview Tuesday. By then the attack was so far along, and the company had already begun rebuilding systems that were pulled offline, that Hornbuckle chose not to respond to the hackers at all.

“I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned – we’re not paying these bastards’,” Hornbuckle said. “The reality is because we caught this so early and we were on them.”

MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. The company tried to shut down systems before the attackers could steal any data, but they ultimately got into the corporate Domain Name System (DNS) layer, which helps run all of a company’s applications and can be used to deploy malware.

“They had gotten into the arteries to the heart so they could choke things off,” Hornbuckle said.

Management created a war room that included executives, IT professionals, lawyers and cybersecurity consultants. Employees working with guests began operating in manual mode, writing down customers’ names and credit-card info on clipboards at check-in. Slot machine patrons were paid out in cash by attendants rather than via paper vouchers.

It wasn’t until days later that the hackers sent a ransom note. By that point, the attackers were knocking core systems offline, including payroll, purchasing and phones, and a booking system that handles 20,000 reservations a day.

“Literally everything was out,” Hornbuckle said. “They clearly got wind of what we were doing and closed us down in the balance.”

Scattered Spider, a group of young men based in the US and the UK, is believed by cybersecurity experts to have instigated the MGM attack, as well as a similar incursion at rival Caesars Entertainment Inc.

After the MGM attack, Caesars confirmed it paid a ransom to hackers. Hornbuckle said he wasn’t aware of the Caesars breach until after MGM was hit. He declined to disclose the amount of the ransom demand.

The incident will reduce MGM’s third-quarter earnings by about US$100mil (RM472.65mil) and add US$10mil (RM47.26mil) to expenses, most of which will be covered by insurance.

“I can only imagine what next year’s bill will be,” Hornbuckle said on a panel Tuesday at the Global Gaming Expo, a trade show in Las Vegas.

Four weeks in, the casino giant’s systems are fully operational, apart from one server relating to loyalty points, Hornbuckle said. He’s also glad he made the decision not to pay.

“They’re not hanging over us with our database in their hand or ultimately the keys to the empire,” he said. “And so we feel great about that part.” – Bloomberg
