Security News > 2023 > September > MGM casino's ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.
Cybersecurity researcher vx-underground first broke the news that threat actors affiliated with the ALPHV ransomware operation allegedly breached MGM through a social engineering attack.
According to Bloomberg reporters, Scattered Spider has also breached the network of Caesars Entertainment, who, in a U.S. Securities and Exchange Commission on Thursday, provided a strong hint at paying the attacker to avoid a leak of customer data stolen in the attack.
After seeing MGM taking this action and with no intention from the company to engage in negotiations over the provided chat, the threat actor says that they deployed the ransomware attack.
"After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident," - BlackCat/ALPHV. At this moment, the hackers say that they do not know what type of data they stole from MGM but promise to extract relevant information and share it online unless they reach an agreement with MGM. To pressure the company even more into paying, BlackCat threatened to use their current access to MGM's infrastructure to "Carry out additional attacks."
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Five backup lessons learned from the UnitedHealth ransomware attack (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- SafePay ransomware gang claims Microlise attack that disrupted prison van tracking (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Starbucks, grocery stores impacted by Blue Yonder ransomware attack (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)