Hacker group ALPHV has officially taken responsibility for the MGM Resorts International cyberattack in a post to its website, warning that it will launch further attacks and release any sensitive data in its possession if the company does not reach out.
The affiliate of the BlackCat ransomware group said it began infiltrating MGM a week ago, causing the casino giant to shut down its systems on Sunday. This has caused mass disruption ever since, leaving withdrawals inactive, slot machines unusable, and hotel guests unable to check-in.
In fact, ALPHV said it only launched its ransomware attack the following day “after trying to get in touch but failing,” encrypting more than 100 ESXi hypervisors. Since then, the casino giant has supposedly failed to contact the group in any way despite a “victim chat” set up to open a dialogue.
exemplifies the company’s lack of care for its customers
While ALPHV stated it does not know if it has stolen any sensitive data from guests of MGM, it said that if it does not hear from the company it will release all relevant data online. The hackers shared their belief, however, that MGM would not pay the ransom. They said that this – along with alleged insider trading – exemplifies the company’s lack of care for its customers.
“This corporation is riddled with greed, incompetence, and corruption. You believe that this company is concerned with your privacy and well-being while visiting one of their resorts?” the group questioned. “Other lodging options, including casinos, are undoubtedly open and happy to assist you.”
Reports surfaced earlier this week that Caesars Entertainment also suffered an attack by ALPHV only recently. The casino company ultimately paid out millions, although the final amount is unconfirmed. ALPHV demanded $30m in that case.
VegasSlotsOnline News recently spoke with a cybersecurity expert to get his insight into the MGM attack.