MGM Resorts cyberattack hobbles Las Vegas Strip operations

MGM Resorts is battling to recover its systems following a Sept. 10 cyberattack that left its hotel operations across the country in digital disarray. Experts suspect a ransomware attack is behind the outages.

The damage is most acute in Las Vegas, where MGM Resorts is the largest single employer, with several hotels on the famed Strip, including the MGM Grand, Mandalay Bay, Bellagio, Luxor, Aria. According to reports and social media posts, many MGM Resorts guests were locked out of their hotel rooms after the cyberattack interfered with key cards, requiring security to let guests into their room with old-fashioned keys. Slot machines on the casino floors were also down, according to local reports.

MGM Resorts has nearly 50,000 guest rooms on the Las Vegas Strip alone.

“MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems,” the hospitality giant said in a statement acknowledging the incident. “Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems.”

MGM Resorts websites were still offline Tuesday and directed customers to call by phone to make reservations. The company added the investigation is ongoing in cooperation with law enforcement.

“Our resorts, including dining, entertainment, and gaming, are currently operational, and continue to deliver the experiences for which MGM is known,” the company said in a follow-up statement on social media on Sept. 11.

MGM Resorts Cyberattack Looks Like Ransomware

While the exact nature of the disruption hasn’t been confirmed, experts see clear signs of a ransomware cyberattack.

“The nature of the widespread outages and disruptions aligns most closely with a ransomware attack,” says Callie Guenther, cyber-threat researcher and senior manager at Critical Start. “The breadth of affected systems and services suggests a concerted effort to disrupt operations, which is consistent with ransomware tactics.”

To read the complete article, visit Dark Reading.