MGM hackers waited for days before issuing their ransom demands


An exterior view of Park MGM hotel and casino, after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, US, on Sept 13, 2023. MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. — Reuters

MGM Resorts International chief executive officer Bill Hornbuckle chose not to pay a ransom to hackers who broke into his casino chain’s computer system because they didn’t ask for money until well after the company discovered the attack.

The intruders moved through MGM’s systems for several days before sending a ransom note, Hornbuckle said in an interview Tuesday. The attack was so far along, and the company had already begun rebuilding systems that had been pulled offline, that Hornbuckle chose not even to respond to the hackers.

“I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned – we’re not paying these bastards’,” Hornbuckle said. “The reality is because we caught this so early and we were on them.”

MGM, the largest owner of casinos on the Las Vegas Strip, estimates the hack began on the evening of Sept 7. The company tried to shut down systems before the attackers could steal any data, but they ultimately got into the corporate Domain Name System (DNS) layer, which helps run all of a company’s applications and can be used to deploy malware.

“They had gotten into the arteries to the heart so they could choke things off,” Hornbuckle said.

Management created a war room that included executives, IT professionals, lawyers and cybersecurity consultants. Employees working with guests began operating in manual mode, writing down customers’ names and credit-card info on clipboards at check-in. Slot machine patrons were paid out in cash by attendants rather than via paper vouchers.

It wasn’t until days later that the hackers sent a ransom note. By that point, the attackers were knocking core systems offline, including payroll, purchasing and phones, and a booking system that handles 20,000 reservations a day.

“Literally everything was out,” Hornbuckle said. “They clearly got wind of what we were doing and closed us down in the balance.”

Scattered Spider, a group of young men based in the US and the UK, is believed by cybersecurity experts to have instigated the MGM attack, as well as a similar incursion at rival Caesars Entertainment Inc.

After the MGM attack, Caesars confirmed it paid a ransom to hackers. Hornbuckle said he wasn’t aware of the Caesars breach until after MGM was hit. He declined to disclose the amount of the ransom demand.

The incident will reduce MGM’s third-quarter earnings by about US$100mil (RM472.65mil) and add US$10mil (RM47.26mil) to expenses, most of which will be covered by insurance.

“I can only imagine what next year’s bill will be,” Hornbuckle said on a panel Tuesday at the Global Gaming Expo, a trade show in Las Vegas.

Four weeks in, the casino giant’s systems are fully operational, apart from one server relating to loyalty points, Hornbuckle said. He’s also glad he made the decision not to pay.

“They’re not hanging over us with our database in their hand or ultimately the keys to the empire,” he said. “And so we feel great about that part.” – Bloomberg
