Ransomware Attack Crippled Las Vegas Casinos: From Outage To Free Lap Dances

18/09/2023

MGM Resorts International in Nevada said in a filing with the Securities and Exchange Commission (SEC) that it suffered a cyberattack.

The company experienced a computer outage on Monday which affected operations at several properties.

According to an MGM spokesperson in a statement:

"MGM Resorts recently identified a cybersecurity issue affecting certain of the company’s systems."

"Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The company will continue to implement measures to secure its business operations and take additional steps as appropriate."

MGM Resorts has has about 40 million loyalty rewards members and tens of thousands of hotel rooms in Las Vegas at properties that include the MGM Grand, Bellagio, Aria and Mandalay Bay. It also operates properties in China and Macau.

Soon after the hack, MGM customers reported that everything from slot machines to hotel communication systems have been inoperable at MGM venues in Las Vegas.

Check-in lines are growing, room access cards and ATMs don't work, and people are unable to use food, beverage, and free play credits.

Because of this, the hotels had to rely on physical room keys, and the casinos resorted to manual cash payouts.

Physical paper vouchers were also handed out to customers.

And more, reservations could only be made at MGM properties through third-party booking sites.

The MGM Grand hotel-casino in Las Vegas
From long queues to unavailable slot machines in the MGM Grand hotel-casino in Las Vegas.

An affiliate of the notorious ransomware group APLHV, a Russia-based gang that is also known as BlackCat, claimed responsibility this week for the MGM attack.

The gang said that they exfiltrated data from the network and maintain access to some of MGM’s infrastructure, threatening to deploy new attacks unless an agreement to pay a ransom is reached.

According to reports the hackers managed to sneak their way in by breach MGM's systems through a security vulnerability in Okta Agent.

Okta is a popular identity and access management (IAM) provider for the cloud.

"MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking in their Okta Agent servers sniffing passwords of people whose passwords couldn't be cracked from their domain controller hash dumps," ALPHV wrote on its leak site.

"This resulted in their Okta being completely out."

It's also reported that the hackers gained elevated access to the system using social engineering hack.

Methods include SMS text phishing and phone calls to MGM help desks to attempt to obtain password resets or multifactor bypass codes.

This was suggested because a spokesperson for BlackCat/ALPHV confirmed by saying that it was their "adverts" that carried out the MGM attack.

The whole process reportedly took only 10 minutes.

The MGM Grand hotel-casino in Las Vegas
The MGM Grand hotel-casino in Las Vegas.

Things didn't stop there, because Caesars Entertainment, the casino and hotel company in Nevada with office in Las Vegas, also said in a filing that it suffered a data breach in which many of its loyalty program members' Social Security numbers and driver's license numbers were stolen, along with other personal data.

It's said that Caesars had paid roughly half of the $30 million its attackers demanded in exchange for a promise that they wouldn't release stolen customer data.

But as for MGM Resorts, they remained silent, and show no interest in initiating negotiation whatsoever.

The website for MGM Resorts also went down
The website for MGM Resorts also went down.

Realizing that MGM is taking a firm stance to communicate through the provided chat network, the threat actor said that they deployed the ransomware attack.

“After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident,” BlackCat/ALPHV said.

To pressure the company even more into paying, BlackCat threatened to use their leveraged access to MGM’s infrastructure to "carry out additional attacks."

The group however, denied involvement in the Caesars hack.

Reports later said that the culprits behind the Caesars attack is Scattered Spider.

Scattered Spider is believed to be a group of threat actors who are known use a wide range of social engineering attacks to breach corporate networks.

Following the hack, a number of businesses extend their hospitality to provide assistance.

At least one strip club in Las Vegas, for example, said that it's offering some of its services for free to those affected by the MGM Resorts hack.

According to Larry Flynt's Hustler Club, it's also offering free luggage storage and airport pickup for those who experience delays in check-in. It even went as far as providing a complimentary $1,200 platinum VIP membership and free lap dances.

Affected guests of MGM Resorts can get freebies.
Affected guests of MGM Resorts can get freebies.

Brittany Rose, general manager of the strip club, said that all she wants is to take the stresses out from customers and employees impacted by the unfortunate incident.

"Our hearts go out to both the employees as well as the tourists who have been affected by this devastating event. As members of the hospitality industry, we decided to do our part to help improve the guest experience during their visit to Las Vegas which will in turn alleviate the stress of the employees who are so diligently handling the situation," Rose said.

To earn this complimentary, people have to be over 21 years old, and a valid hotel reservation at any MGM property from September 10 onward.

While some businesses offer their services for free, the cyberattack at MGM has proved itself to be a gift to other Sin City's gentlemen's club. Strip bars and more reported that they saw a spike in foot traffic coming to their venues, as well as an increase in reservations and ride service usage. Strippers there also reported bringing in up to $2,000 more per night.

Hotels and casinos have long been the targets for attackers because they make a lot of money, hold potentially valuable customer data, and historically haven't always been well secured.