"Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack"

A known ransomware gang has recently taken credit for the highly disruptive cyberattack on MGM Resorts, and the hospitality and entertainment giant has yet to restore many of the impacted systems.  It is unknown how long the hackers had access to the company’s systems, but the attack came to light on September 10, and the next day, MGM issued a statement saying it was forced to shut down many systems due to a cybersecurity issue.  The incident has impacted MGM’s website, casinos, and systems used for email, restaurant reservations, hotel bookings, and even digital hotel room keys.  Security researchers at Vx-underground stated that the ransomware group named ALPHV (aka BlackCat), specifically one of its subgroups, has taken credit for the attack.  The hackers told the researchers they gained initial access to MGM Resorts systems using social engineering.  The researchers noted that from what they were told, all the ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, and then call the Help Desk.  The researchers noted that there is no mention of MGM on the ALPHV leak website, but victims are typically only named on the site when negotiations with the cybercriminals fail or stall.  Other researchers at Reuters say they learned from sources that a threat group tracked as Scattered Spider is behind the attack on MGM.  Scattered Spider, also known as 0ktapus and UNC3944, is described by cybersecurity researchers as an ALPHV ransomware affiliate.  Scattered Spider, in the past, also hacked casino giant Caesars Entertainment, which has reportedly paid tens of millions of dollars to the cyber criminals.  MGM has filed an 8-K form with the US Securities and Exchange Commission (SEC) regarding the cyberattack, which indicates that the incident may have a material impact on the company. 

 

SecurityWeek reports: "Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack"

Submitted by Anonymous on