New information has emerged claiming that the ALPHV/BlackCat ransomware group is responsible for Monday's debilitating cyberattack on MGM Resorts International. With rumors about a large ransom payment, some experts say the Las Vegas-based company may not even have been able to pay its employees on Friday.
According to a Tuesday night post from malware repository vx-underground, the ransomware gang was able to breach the entertainment and hospitality giant through a social engineering attack.
“All the ALPHV ransomware group did to compromise MGM Resorts was log on to LinkedIn, search for an employee, and then call support,” vx-underground posted on X (formerly known as Twitter).
"A company valued at $33,900,000,000 was defeated by a 10-minute conversation," the publication said.
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
— vx-underground (@vxunderground) September 13, 2023
According to vx-underground, the threat actors themselves have claimed responsibility, although at the time of writing ALPHV/BlackCat has not mentioned the attack on its dark web leak pages.
Monday's cyberattack forced hotel group MGM to shut down the company's network systems, leaving rooms inaccessible, digital room keys invalid, slot machines out of service, ATMs inoperable and casinos empty.
The websites of MGM's 31 resorts, including the dozen located directly on the Las Vegas Strip, have also been down since Monday, as has the company's mobile rewards app, leaving front-office staff struggling to accommodate cranky guests who have been constantly posting on social media throughout the ordeal.
Apparently, the same scene is being reported at other MGM resorts, including in Las Vegas. Ironically, the cyberattack took place just weeks after the world's two largest cybersecurity and hacker events (Black Hat and DEF CON) arrived in Las Vegas without incident. Meanwhile, security experts have been debating how threat actors were able to compromise the massive hotel and casino conglomerate and whether a ransom will eventually be paid.
Screen shot of the information hijacking notice
Vx-underground and others agree that social engineering was the way in. The first said: “This particular subgroup of ALPHV ransomware has earned a reputation for having notable social engineering talent for initial access.”
“Vishing [voice or call-based phishing] is surprisingly easy right now in terms of people not caring about cyber. Employees are so exhausted, and organizations are overworking combined with alert fatigue… it makes things extremely easy,” they said.
I called ALPHV being responsible....sadly. Vishing is surprisingly easy right now in terms of people not caring in cyber. Employees are so burnt out and organizations are loading up work combined with alert fatigue....makes things extremely easy.
— EvilSec (@EvilSecOfficial) September 13, 2023
Cybersecurity professional and my goal just by talking to IT using people I used on LinkedIn.”
In other developments, @LasVegasLocally, a user who has been regularly posting on X with MGM insiders since the breach, said Tuesday night that "MGM Resorts executives are concerned the company won't be able to pay employees on Friday".
Funds issue or payroll system compromised? A lot of sensitive information goes with the transmission to the Federal Reserve. If they aren’t fully secured they may need to cut manual checks
— Luis Roman (@luisromanvlog) September 13, 2023
On Monday, rumors also spread on social media about Las Vegas resort Caesar's Palace and its own brush with ransomware.
The story being told is that the hotel and casino was also compromised by threat actors the week before, and the company decided to quietly pay a $30 million ransom to the attackers, primarily to "avoid the problems MGM is experiencing."
Who is ALPHV/BlackCat ransomware?
While MGM continued to struggle with its recovery on Tuesday, around 5 p.m. ET, ALPHV/BlackCat was busy posting 2.5TB of stolen data from another of its alleged victims, semiconductor maker Seiko, whose attack was made public in August.
The ALPHV/BlackCat ransomware gang has existed since 2021. Operating as a ransomware-as-a-service (RaaS) model, the gang is known for its use of the Rust programming language. According to a Microsoft research profile, ALPHV/BlackCat is also known to have worked closely with other ransomware groups such as Conti, LockBit, and REvil, as well as having ties to the Darkside and Blackmatter cybercriminal cartels.
According to cybersecurity analyst ANOZR WAY, the group was responsible for about 12% of all attacks in 2022. In mid-May, the gang said it had breached Mazars Group, an international auditing, accounting and consulting firm.
The group is currently known to use a more sophisticated ransomware variant known as Sphynx.