MGM Resorts Battles Ongoing Cyberattack Disruption, Scattered Spider Claims Responsibility

Las Vegas, NV hotel and entertainment giant MGM Resorts is grappling with a major cyberattack that has disrupted its operations for the past five days. The cyberattack, which began on Sunday, forced MGM to shut down significant portions of its internal networks, affecting various aspects of its services.

Guests at MGM’s hotels and casinos, including renowned establishments like the Bellagio, Aria, and Cosmopolitan, have reported widespread disruptions. These include non-functional ATMs and slot machines, as well as issues with digital key cards and electronic payment systems. Additionally, hotel room TVs and phone lines are reportedly offline.

Despite MGM’s initial assurance that its resorts, encompassing dining, entertainment, and gaming, were “currently operational,” social media posts and reports from affected guests suggest otherwise. Casino operations remain suspended, leading to long queues as staff resort to manual processes using pen and paper.

MGM’s website has also been affected, prompting the company to direct customers to use its Rewards app for bookings. To accommodate guests affected by the ongoing outage, the company is waiving change and cancellation fees for arrivals until September 17.

The hacking group Scattered Spider has claimed responsibility for the cyberattack on MGM Resorts. This revelation came to light through a report by vx-underground, which identified Scattered Spider as a subgroup of the ALPHV ransomware gang. It is currently unknown if any data was stolen from MGM’s systems.

Scattered Spider’s motives appear purely financial, a group representative told TechCrunch on Thursday, “If you have money, we want it.” The group reportedly recruits young individuals, including minors, due to lenient legal consequences in their respective jurisdictions.

While the FBI is investigating the MGM cyberattack, US authorities consistently advise victims not to pay ransoms to cybercriminals. MGM has yet to provide detailed information about the nature of the cyberattack beyond initial filings earlier this week, leaving guests and observers concerned about the extent of the breach and when normal operations will resume.

Information for this story was found via TechCrunch, X, and the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.

Leave a Reply