MGM Resorts and Caesars Entertainment Hit with Major Ransomware Attack

Earlier this month, MGM Resorts, which operates 30 hotel and gaming venues in Las Vegas as well as around the world, was the latest victim of a ransomware attack that brought the bustling gambling scene to a screeching halt. The attack impacted the hotel’s ability to serve guests and multiple slot machines and gaming systems were shut down at all MGM venues. Caesars Entertainment, a fellow industry giant, also fell victim to a similar ransomware attack around the same time as MGM. However, they opted to pay a substantial ransom, amounting to millions of dollars, to restore normal operations and reduce the impact of the breach on their day-to-day operations. MGM has refused to engage and cooperate with the hackers, leading to a complete business shut down. Both shares of MGM and Caesars Entertainment fell soon after the report of the ransomware attacks.

MGM resorts put out a statement on September 11th, reporting that their systems identified a cybersecurity issue affecting their systems and they are currently working with cybersecurity experts and law enforcement to identify the issue. Many users in the comments reported losing access to their online account and gamblers at the resort stated their money has been stuck in the machines due to the shutdown. The hack also disrupted hotel stays, with check-ins delayed and people locked out of their rooms due to the room key system being down.

Hacking group Scattered Spider was behind the MGM ransomware attacks. According to Reuters, this group uses social engineering to lure users into giving up their login credentials or one-time-password (OTP) codes, allowing them to bypass multi-factor authentication. In the case of the MGM compromise, there is speculation that the group navigated LinkedIn, identified an employee to impersonate, then called in the Help Desk to socially engineer and gain access initially. Once inside a network, the group holds personal data for a ransom and will only return the private information and refrain from sharing it on the dark web if it is paid.

The cause and impact of the latest breaches on the gambling giants is still being investigated. The Las Vegas Review Journal reported that MGM Resorts could be losing between $4.2 million and $8.4 million in daily revenue and around $1 million in cash flow everyday it’s under attack. Though operations weren’t affected, Ceasars Entertainment reported that hackers stole Social Security numbers and driver license numbers from a significant number of loyalty program customers.

What can you do to protect yourself?

If you’re a member at either resort, it can be scary to hear news stories that could have a great impact on your private data. Here are the top 3 steps the experts at Entara recommend to protect your personal data from being compromised:

1. Change your passwords

Change all passwords associated with your MGM account and any credit or debit cards that are linked to your account. Password management is crucial to protect your sensitive data and it’s good practice to both regularly change your password as well as use unique passwords . Look into using a password manager such as Keeper  which will automatically generate unique, secure passwords for all your accounts and remember them for you.

2. Monitor your accounts for suspicious behavior  

With ransomware attacks, it can be hard to know if your data has been comprised until it’s too late. Keep an eye on your credit and debit card accounts for any suspicious activities and be sure to report any immediately to your bank. You can also freeze or cancel any accounts associated with MGM to proactively stop threat actors from getting access.

3. Keep a record if your personal data was compromised

Many of these widespread attacks on large corporations end with a class-action lawsuit that could result in a payout for customers affected. While not all data breaches result in a settlement, it’s good to be prepared and closely monitor the response from the company, including steps taken to minimize the attack and protect their customer’s sensitive data.

4. Add Vishing to your cybersecurity awareness training

Vishing, or voice phishing, is an often under-estimated threat vector wherein attackers impersonate legitimate personnel or service providers over the phone to gain unauthorized access. By integrating vishing into your cybersecurity awareness training, you fortify your organization’s first line of defense – your employees.

Get Peace of Mind With Entara

Entara offers complete, integrated IT and cybersecurity solutions tailored to your company’s unique needs and challenges. As an eXtended Service Provider, in addition to managed IT and cybersecurity services, our 24/7/365 incident response team works day, night, and holidays to help businesses recover from cyber-attacks and remediate their systems to avoid repeat events. We employ a range of security integrations, such as email security solutions and user  awareness training, and technology services to better protect our clients’ systems, networks, and data.

Connect with us if you’re ready to strengthen your cybersecurity stance and want to prepare for the unpredictable with a comprehensive Incident Response Retainer or other proactive services. Learn more about Entara’s IR Retainer service here.  Connect with us to learn more about how we can support your organization.

Scroll to Top