MGM Resorts, a U.S. operator of hotels and casinos, was recently hit by a ransomware attack that disabled multiple systems at some of its key Las Vegas locations, bringing operations at several casinos and hotels there to a halt.
MGM Resorts, which operates many of Las Vegas' most popular casinos and hotels including the Bellagio, is still dealing with the aftermath of the attack. At the beginning of last week, hackers significantly disrupted operations, leading to casino closures. The attack left guests locked out of their rooms and unable to transact on-site or through the MGM mobile app. The affected casino hotels ultimately had to process the transactions manually. This incident is expected to have a material impact on the Company's operations.
Casinos closed, hotel doors locked
At the time of the incident, it was unclear who was behind the campaign, although speculation was circulating on social media platforms. It is now clear that the ransomware group ALPHV has taken responsibility. The group posted a statement on its dark web page, marking the first time it publicly revealed it was involved in an attack. In the statement, the group describes how it penetrated the systems of MGM Resorts on September 11th. During negotiations with MGM, the group did not disclose what personal information it exfiltrated, but said it will notify external websites such as haveibeenpwned.com if discussions with MGM do not result in a resolution in its favor.
ALPHV and the rise of mega-ransomware
Like many established ransomware groups, ALPHV has evolved into an organized operation that carries out large-scale attacks on well-known companies. ALPHV (also known as BlackCat) is a threat actor that conducts illicit business via Ransomware-as-a-Service (RaaS) and first emerged in late 2021. The group is known for using the Rust programming language and for being able to attack both Windows and Linux-based operating systems. ALPHV is marketed in cybercrime forums and operates an affiliate program. The group is also notorious for publishing stolen data if its ransom demands are not met, and runs several dark web blogs for this purpose. ALPHV is one of the largest RaaS threat groups, accounting for nearly 12 percent of all victims posted on dark web shame sites in the last 9 months, which puts it in second place, behind LockBit (21.5 percent) and ahead of Cl0p (over 9 percent).
Hundreds of victims refuse to pay ALPHV
In the last 12 months, ALPHV published the identities of around 400 of its victims who refused to pay the ransom. The geographic distribution of victims is typical of the ransomware ecosystem, with more than half based in the United States. Almost three percent of ALPHV's victims are German companies. As of August 2023, Check Point Research observed an average of 918 weekly cyberattacks per company in the leisure/hospitality industry worldwide, with 396 occurring in the United States. This placed the sector 11th among the most frequently attacked industries in the first half of the year. ALPHV targets victims in various sectors, including manufacturing, healthcare and legal.