MGM Resorts is currently scrambling to recover from a powerful ransomware attack that happened last Monday, causing a substantial amount of network systems to go down. Company websites as well as many crucial systems are currently offline, including the MGM app, which facilitates reservations, acts as a digital key to unlock rooms, and allows users to pay for food. MGM made an announcement on X acknowledging the attack at 11:30 AM Monday.

The question arises: how could such a complex system have been compromised so easily? According to malware archive vx-underground on X, ALPHV was able to gain access to the MGM systems by socially engineering an IT helpdesk employee they found on LinkedIn. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” vx-underground said in their tweet from Tuesday night.

Vx-underground goes on to further suggest that MGM Grand will not meet ALPHV’s demands, commenting: “In our opinion, MGM will not pay,” meaning that the issue could last a while, at least until MGM takes action to replace compromised systems. The ransomware attack has also caused substantial delay in helping customers, as shown by this video from Tuesday at MGM Bellagio.

Ryan McConechy, CTO of Barrier Networks, said it’s often typical for organizations with systems as large and as complicated as MGM’s to shut down in order to prevent further enumeration. “Until MGM provides more information, it’s not clear the exact reason why they decided to take this action…maybe to prevent active attackers pivoting or malware spreading…but it is a very costly move,” McConechy stated. “For every minute the gaming floor was down, MGM was losing money. Likewise, with reservations and their websites still being down, the company continues to suffer massive financial losses,” he explained. As of Wednesday, the MGM website is still unavailable, as well as many slot machines in various MGM casinos.

What is ALPHV/BlackCat?

BlackCat, alternatively referred to as ALPHV, emerged onto the ransomware scene in November 2021. Specifically, BlackCat operates as a ransomware-as-a-service (RaaS) entity and ranks among the most sophisticated RaaS ventures to date. BlackCat ransomware is meticulously engineered to resist removal efforts and may make attempts to incapacitate antivirus software or other protective measures. Additionally, it can tamper with system files and configurations to establish a persistent presence and complicate the recovery process after an attack. The culprits behind BlackCat ransomware demand payment, typically in the form of cryptocurrency like Bitcoin, in exchange for the decryption key. Victims may also encounter a message on their screens containing instructions on how to fulfill the ransom payment and obtain the decryption key.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time – 

https://www.netizen.net/contact