Connect with us

Hi, what are you looking for?



Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the company has yet to restore impacted systems.

MGM Resorts ransomware

A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the hospitality and entertainment giant has yet to restore many of the impacted systems.

It’s unclear for how long hackers had access to the company’s systems, but the attack came to light on September 10, and the next day MGM issued a statement saying it was forced to shut down many systems due to a cybersecurity issue.

The incident has impacted MGM’s website, casinos, and systems used for email, restaurant reservations, and hotel bookings, and even digital hotel room keys. 

Vx-underground, a research organization providing malware samples and threat intelligence, reported on Wednesday that the ransomware group named ALPHV (aka BlackCat), specifically one of its subgroups, has taken credit for the attack.

The hackers told Vx-underground that they gained initial access to MGM Resorts systems using social engineering. 

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” Vx-underground said in a message posted on X, formerly Twitter. 

There is no mention of MGM on the ALPHV leak website, but victims are typically only named on the site when negotiations with the cybercriminals fail or stall.

Advertisement. Scroll to continue reading.

In addition to encrypting files, the hackers typically steal valuable information from compromised systems in an effort to pressure the victim into paying up. 

Reuters has learned from sources that a threat group tracked as Scattered Spider is behind the attack on MGM. 

Scattered Spider, also known as 0ktapus and UNC3944, was previously described by cybersecurity researchers as an ALPHV ransomware affiliate. The financially motivated group has been known to target mobile carriers, cryptocurrency firms, as well as Twilio, Cloudflare and many other organizations with SMS-based phishing messages. 

Scattered Spider, according to Bloomberg, also hacked casino giant Caesars Entertainment, which has reportedly paid tens of millions of dollars to the cybercriminals.

The MGM Resorts website and many other systems that were taken offline in response to the attack have yet to be restored. 

MGM has filed an 8-K form with the US Securities and Exchange Commission (SEC) regarding the cyberattack, which indicates that the incident may have a material impact on the company. 

Rating agency Moody’s said the incident could have a negative effect on MGM’s credit rating. The breach has also had an impact on MGM shares

Last year, MGM Resorts-owned online sports betting company BetMGM suffered a data breach, with hackers claiming to have stolen the information of 1.5 million customers.

Related: Cybersecurity Companies Report Surge in Ransomware Attacks

Related: Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko
Related: ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.