MGM refused to pay the ransom to the cybercriminals. (Source – Pexels)

MGM refuses to pay ransom and loses US$100m

  • The MGM hack led to halted operations and losses of up to US$100 million.
  • Despite the disruption, MGM stood firm against the hackers’ ransom demands.

Do you recall the recent unsettling news about MGM facing a cyberattack that disrupted its services, including the website? Customers worldwide have been grappling with questions like: “Has my data been compromised?” “Is it now in the hands of malicious hackers?” “What steps is MGM taking in response?”

MGM Resorts recently experienced a significant cyberattack that lasted 10 days, and according to recent regulatory submissions, the estimated damage is projected to be over US$100m.

While the cyberattack led to substantial economic repercussions for MGM — like the blackout of its 12 casino venues on the Las Vegas strip, disruption in hotel bookings, and distribution of complimentary food and drink vouchers — the company decided against meeting the hackers’ ransom demands, as reported by The Wall Street Journal.

The advice of the Federal Bureau of Investigation reportedly influenced the decision by MGM not to pay the ransom. The FBI consistently advises against giving in to hacker demands, according to insiders who spoke to The Wall Street Journal.

As the FBI’s official website states, paying a ransom after a cyberattack isn’t advisable. Giving in to ransom demands doesn’t guarantee the return of stolen data and only motivates the culprits to target others, perpetuating illicit activity.

In contrast, Caesars Entertainment purportedly paid nearly US$15 million to appease hackers who had compromised its systems and threatened to release confidential client data. As cited by The Wall Street Journal, this amount was about half of what was initially demanded.

An X user emphasized that everything is well and truly taken care of. (Source – X)

Data breaches and company response

Due to the hack, many guests faced delays in their check-ins. MGM acknowledged in an official statement that the hackers accessed client details, which included personal identifiers like names, contact details, date of birth, and driver’s license particulars. In some instances, social security and passport numbers were also exposed.

MGM didn’t disclose the exact number of affected customers. However, based on documents submitted to the US Securities and Exchange Commission, the data pertained to clients who had dealings with MGM before March 2019.

A silver lining amid this chaos is MGM’s assurance that the perpetrators didn’t access crucial data like passwords, bank credentials, or card information. In a gesture of goodwill, the company has started notifying affected customers and is offering complimentary credit monitoring and identity theft protection services.

MGM announced that its domestic operations have stabilized, and almost all client-centric systems are functional. They anticipate complete restoration of services soon. Expenses related to the cyberattack, which include tech consultancy, legal fees, and other expert services, totaled less than US$10m. However, the total projected loss stands at around US$100 million.

Behind the MGM hack: A glimpse into cybercriminals’ operations

Surprisingly, the hackers responsible for this massive breach are believed to be Gen Z individuals, with most aged between 17 and 22, as reported by the New York Post. The specifics about Scattered Spider (the threat group) remain sparse. Mandiant suggests that these individuals are primarily from the West, but the total number involved is uncertain.

Prior to launching their attacks, cybercriminals are known to procure employee data, primarily through social engineering tactics like ‘SIM swapping’. They also familiarize themselves with the operational intricacies of large corporations, identifying employees with elevated access levels, according to industry analysts.

David Bradbury, the Chief Security Officer of identity management firm Okta, witnessed this firsthand. Multiple Okta clients, including MGM, were compromised by Scattered Spider. Okta is known for its identity services, such as multi-factor authentication.

Bradbury commented on the sophistication of the hackers, noting their familiarity with Okta’s online courses and products. Their approach was unprecedented.

A larger group named ALPHV claimed responsibility for the MGM hack recently. Analysts believe that it supplied Scattered Spider with the necessary software and tools for the breach. Such collaborations are common in the world of cybercrime. ALPHV, identified by Mandiant as a “ransomware-as-a-service” provider, would likely receive a percentage of the earnings Scattered Spider procured from the hack.

In conclusion, the MGM cyberattack underscores the vulnerability of even large corporations in the face of sophisticated and determined cybercriminals. While MGM’s resilience in the aftermath is commendable, the incident is a cautionary tale for businesses worldwide.

With younger generations like Gen Z playing roles in such cyberattacks, it’s clear that cyber threats are evolving rapidly, requiring companies to be ever-vigilant and proactive in bolstering their security measures. As evidenced by the MGM and Okta connection, collaboration between firms will be vital in understanding and mitigating future threats.