ALPHV/BlackCat Claims To Be Responsible For MGM Resorts System Disorders

The ALPHV/BlackCat ransomware group claimed responsibility for system disruptions experienced by MGM Resorts on Tuesday, September 12. This is in a post by the malware vx-underground archive. The group claims to have used general social engineering tactics, namely gaining trust from employees to obtain information in an effort to get ransom from MGM Resorts.

However, the company reportedly refused to pay. The conversation that gave the initial access took only 10 minutes, according to claims from the group.

"What the ALPHV ransomware group did to compromise MGM Resorts was simply to find employees via LinkedIn, then call Help Desk," the organization wrote in a post on X. The details came from ALPHV, but were not independently verified by security researchers.

The international resort network began experiencing disruptions earlier this week, when customers saw slot machines at the casino owned by the MGM Resorts died in the Las Vegas Strip.

On Wednesday morning, September 13, MGM Resorts still showed signs that they were experiencing disruptions, such as the continuation of website disruptions. MGM Resorts has not yet responded to a request for comment, but said in a statement on Tuesday that "Our resorts, including restaurants, entertainment and gambling, are currently operating."

The MGM Resorts website on Wednesday morning still displays messages that websites are not available.

ALPHV has a reputation in the cybersecurity community as a group "very proficient in social engineering for early access," according to the vx-underground.

From there, they usually use ransomware hoaxes to force targets to pay the ransom, and they have attacked large company targets. In July, ALPHV and other threat actors, Clopp, listed beauty giant Est total Lauder on their leaked data site.