The BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
The BlackCat ransomware group claims to have been inside MGM's infrastructure since Friday and to have encrypted nearly 100 ESXi hypervisors after the company took down its internal infrastructure. MGM Resorts International properties across the country were effectively shut down in 10 minutes using social engineering techniques.
The ransomware group took control of MGM's computer systems in just three steps, according to vx-underground. The ALPHV ransomware group compromised MGM Resorts by hopping on LinkedIn, finding an employee, and calling the Help Desk, the organization said on Twitter. According to the company, a 10-minute conversation defeated a company worth $33,900,000,000.
Cybersecurity companies are tracking the threat actor that breached MGM Resorts as Scattered Spider. Other companies use different names to follow the same threat actor: 0ktapus (Group-IB), UNC3944 (Mandiant), and Scatter Swine (Okta).
MGM Grand announced on Monday that after receiving outage reports, it had taken immediate measures to secure its systems. The extent of the attack is still under investigation. Still, an MGM spokesperson told AP News that besides Las Vegas reservation systems and casino floors, it also affected locations in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
Customers were delayed from checking in due to cybersecurity issues, slot machines displayed error messages, paid parking systems were shut down, and the company website was still showing an error message as of Wednesday. The booking site for MGM is also down, so customers are advised to contact customer service.
According to BlackCat, MGM Resorts remained silent on the provided communication channel, indicating that the company will not negotiate a ransom payment. The group also said that, in response to the breach, MGM disconnected every one of its Okta Sync servers after learning that the attackers had been lurking on its Okta Agent servers.
The hackers do not know what type of data they stole from MGM but promise to share relevant information online unless they reach an agreement with MGM.
To compel MGM to pay even more, BlackCat threatened to use their current access to the company's infrastructure to carry out additional attacks.