Caesars Entertainment Hacked Weeks Before MGM Breach, Allegedly Paid $30M Ransom
Caesars Entertainment reportedly paid a hefty ransom to hackers to prevent a data breach just weeks before the recent and ongoing cyberattack against MGM Resorts International.
The news that two of the biggest Nevada casino operators, and two of the largest U.S. hospitality operators in general, have been the victims of sophisticated cyber criminals over the space of a month is certainly concerning for the industry.
Caesars Entertainment, operator of Caesars Palace (pictured), Harrah’s, and many other U.S. casinos, found itself in the crosshairs of cybercriminals at the end of August.
According to insider sources spoken to by Bloomberg and The Wall Street Journal, the company paid tens of millions of dollars to hackers who had infiltrated their systems and threatened to release sensitive company data.
The exact amount remains a topic of debate, with some sources suggesting that Caesars paid roughly half of the $30 million initially demanded by the hackers. This move was made to ensure the safety of their data, end the disruption as quickly as possible, and keep the news quiet to avoid a PR disaster.
MGM Resorts in Turmoil
By paying the hackers ransom, Caesars managed to sidestep a major crisis without much press coverage at the time. However, MGM Resorts hasn’t been as fortunate.
The biggest U.S. gambling operator has been grappling with a significant cyberattack, with many of its systems, including credit card transactions, digital hotel room keys, slot machines, and sports betting kiosks being affected.
The ransomware gang, ALPHV/BlackCat, has claimed responsibility for the MGM Resorts hack. It has also targeted several other institutions, including universities and businesses.
Despite MGM claiming on social media that everything is back to fully operational, a simple scroll down through the comments shows that many guest are still experience problems with various services.
The Hackers Behind the Attacks
The hacking group known as Scattered Spider was reportedly responsible for the cyberattack on Caesars. It may have also been involved with the MGM hack, alongside a group called ALPHV/BlackCat.
In some cases, these cybercriminals gain access to internal systems through social engineering, a method where they actually talk to and manipulate companies’ employees into letting them access networks.
According to malware resource site VX-Underground, a similar technique was used in the MGM hack.
While paying off hackers might not be seen as the “right” thing to do from an ethical standpoint, it can sometimes be the most pragmatic course of action from a business perspective.
MGM’s stock has fallen by about 1.2% since the news broke, and New York-based credit agency Moody’s has said the operator’s credit could be affected. “A credit negative event,” one analyst called it.
Meanwhile Caesars stock also fell as this week’s news broke. But it rebounded quickly.
The Aftermath and Future Implications
These two hacks have not been the only cybercrimes to rock the gambling world in recent weeks. Last week, cryptocurrency offshore casino Stake.com was hit by a $40 million hack, which the FBI says was most likely perpetrated by a North Korean state-sponsored group.
These recent cyberattacks on these casino giants underscore the growing threat of digital extortion in the modern age. Companies, even multi billion international operators like MGM, must take appropriate steps to avoid its systems being compromised by bad actors.
While Caesars Entertainment might have avoided a major crisis, the incidents show there is no real good way out for operators after being hacked. The only good strategy is prevention.
In the wake of these events, Caesars Entertainment is expected to make an official disclosure to the Securities and Exchange Commission (SEC) on the details of the hack. This follows recent SEC rule changes that now mandate public companies to report cyberattacks or ransoms paid to hackers.
As for MGM Resorts, the company continues its efforts to mitigate the effects of the cyberattack and restore its systems to full functionality.