MGM’s Last Vegas casinos struggle with ongoing cybersecurity challenge

MGM and Caesars hit with massive cyber attack

MGM’s Las Vegas casinos are grappling with an ongoing “cybersecurity issue” that has persisted for five days since the initial hack. Slot machines remain silent, elevators are out of order, and guest service complaints are mounting.

A video shared from Aria’s casino reveals numerous gaming machines with blacked-out screens displaying an “out of service” message. Another clip showcases malfunctioning Aria slots with flickering screens, clearly indicating a software problem.

MGM has not provided specific details about the hack, which reportedly impacted its Las Vegas hotels and seven other states. However, they have said that “most of our property offerings currently remain operational” and continue accepting reservations through third-party booking sites.

Attack by ransomware group ALPHV

MGM Resorts’ website update on Friday confirmed that the company was still dealing with a cybersecurity problem. According to Cybernews’s cybersecurity watchdog site, the hackers responsible for the breach are identified as the ALPHV/BlackCat (ALPHV) ransomware group.

The ALPHV group issued a statement around 8 p.m. on Thursday, threatening “additional attacks” unless their ransom demands were met. MGM has not disclosed whether it intends to comply with the hackers.

In the meantime, the casinos have tried their best to quell the situation. A guest staying at Aria, one of the MGM-owned resorts, reported that the hotel was distributing a “guest recovery voucher to any hotel guest who complains about basically anything at all this weekend.” The $25 voucher serves as a gesture of apology, expressing the hotel’s regret if any aspect of the guest’s visit fell short of expectations.

In addition to substantial financial losses and offline slot machines, other recent reports included guests being locked out of their rooms, malfunctioning hotel phones, and MGM’s company website crashing.

On Friday, MGM Resorts International’s shares declined nearly 2 percent, closing at $40.97, as the company continued to grapple with its cybersecurity challenges.

Around the same time, Caesars Entertainment paid about $15 million to appease hackers who had threatened to expose sensitive customer data stolen during a cyberattack earlier in the summer. This payout was roughly half of the $30 million demanded by the hackers.

Caesars confirmed that the hackers had breached their systems through a “social engineering attack on an outsourced IT support vendor,” according to a regulatory filing.