Cybercriminals have recently targeted major Las Vegas casinos in ransomware attacks, aiming to extort large sums of money from high-value organizations. In a shift from their previous strategy, hackers focused on infiltrating the computer systems of casinos such as Caesars and MGM Resorts. Initially, the attackers planned to hack into the slot machines at MGM’s casinos to manipulate the results and hire individuals to win money. However, the slot machine software proved to be resilient, leading the hackers to resort to their backup plan. They encrypted the casino’s data and demanded a ransom payment to restore access.
The ransomware attacks forced several MGM-owned casinos and hotels, including the Bellagio and the Cosmopolitan, to temporarily halt computer usage and provide cash payouts to customers. Caesars, which experienced a similar attack earlier, managed to avoid significant disruptions by paying a ransom of $2.5 million. However, the company did not disclose the ransom payment in its filing with the U.S. Securities and Exchange Commission (SEC), which only mentioned the unauthorized access to customer information.
MGM’s CEO, Bill Hornbuckle, stated that the company did not pay a ransom and took measures to protect their networks from further malware spread. MGM later filed a report with the SEC, estimating losses of $100 million and confirming the compromise of customer information, including driver’s license and Social Security numbers. The company expressed confidence that its cybersecurity insurance would cover the incident’s costs.
The cybercriminal group responsible for the attacks, known as “Scattered Spider,” employed social engineering tactics to gain access to the casinos’ computer networks. They impersonated an MGM employee and contacted the company’s IT help desk to reset account credentials. This incident highlights the need for stricter security protocols, increased monitoring of computer systems, and network segmentation within the casino industry.
The SEC may scrutinize the filings made by Caesars and MGM, as the companies provided limited details about the attacks, including any ransom payments made. The ease with which the hackers infiltrated two major casino companies emphasizes the importance of robust cybersecurity measures, even for organizations with substantial financial resources.