ALPHV: Casinos and hotels in Las Vegas paralyzed by hack

B2B Cyber ​​Security ShortNews

Share post

MGM Resorts, a U.S. operator of hotels and casinos, was recently hit by a ransomware attack that disabled multiple systems at some of its key Las Vegas locations, bringing operations to a halt at several Las Vegas casinos and hotels brought.

MGM Resorts, which operates many of Las Vegas' most popular casinos and hotels including the Bellagio, is still dealing with the aftermath of the attack. At the beginning of last week, hackers significantly disrupted operations, leading to casino closures. The attack left guests locked out of their rooms and unable to transact on-site or through the MGM mobile app. The affected casino hotels ultimately had to process the transactions manually. This incident is expected to have a material impact on the Company's operations.

Casinos closed, hotel doors locked

At the time of the incident, it was unclear who was behind the campaign, although speculation was circulating on social media platforms. It is now clear that the ransomware group ALPHV has taken responsibility. She posted a statement on her dark web page, marking the first time she publicly revealed she was involved in an attack. In the statement, the group describes how it penetrated the systems of MGM Resorts on September 11th. During negotiations with MGM, they did not disclose what personal information they exfiltrated, but said they will notify external websites such as if discussions with MGM do not result in a resolution in their favor.

ALPHV and the rise of mega-ransomware

Like many established ransomware groups, ALPHV has evolved into an organized operation that carries out large-scale attacks on well-known companies. ALPHV (also known as BlackCat) is a threat actor that conducts illicit business via Ransomware-as-a-Service (RaaS) and first emerged in late 2021. The group is known for using the Rust programming language and being able to attack Windows and Linux-based operating systems. ALPHV is marketed in cybercrime forums and operates an affiliate program. The group is also notorious for sharing stolen data if its ransom demands are not met, and runs several dark web blogs for this purpose. ALPHV is one of the largest RaaS threat groups, accounting for nearly 12 percent of all victims posted on dark web shame sites in the last 9 months, a close second cl0p (over 9 percent) and lock bit (21,5 percent).

Hundreds of victims refuse to pay ALPHV

In the last 12 months, ALPHV published the identities of around 400 of its victims who refused to pay the ransom. The geographic distribution of victims is typical of the ransomware ecosystem, with more than half based in the United States. ALPHV finds almost three percent of its victims in German companies. As of August 2023, Check Point Research observed 918 average weekly cyberattacks per company in the leisure/hospitality industry worldwide, with 396 occurring in the United States. This put this sector in 11th place among the most frequently attacked industries in the first half of the year. ALPHV targets victims in various sectors, including manufacturing, healthcare and legal.

More at


About check point

Check Point Software Technologies GmbH ( is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.


Matching articles on the topic

Cyber ​​danger Raspberry Robin

A leading provider of an AI-powered, cloud-delivered cybersecurity platform warns about Raspberry Robin. The malware was first released in the year ➡ Read more

New scam Deep Fake Boss

Unlike classic scams such as the email-based boss scam, the Deep Fake Boss method uses high-tech manipulation ➡ Read more

Classification of the LockBit breakup

European and American law enforcement authorities have managed to arrest two members of the notorious LockBit group. This important strike against the ransomware group ➡ Read more

The Bumblebee malware is back

The Bumblebee malware is being used again by cybercriminals after an absence of several months. IT security experts were recently able to identify an email campaign that used the brand ➡ Read more

Microsoft Defender can be tricked

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. This ➡ Read more

Ransomware attack on IT service providers

A data center owned by the Finnish IT service provider Tietoevry located in Sweden was recently attacked with ransomware. Numerous companies, authorities and universities are ➡ Read more

Threat potential from state actors

The extent of the current threat situation is illustrated by a cyber attack that recently occurred in Ukraine. According to the state ➡ Read more

Global Threats: Data Protection for Local Data

Ransomware attacks, data stealer attacks, exploits for vulnerabilities: Even if the attacks are global, they are aimed at a local part ➡ Read more