Security News > 2023 > September > MGM casino's ESXi servers allegedly encrypted in ransomware attack

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.

In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

Cybersecurity researcher vx-underground first broke the news that threat actors affiliated with the ALPHV ransomware operation allegedly breached MGM through a social engineering attack.

According to Bloomberg reporters, Scattered Spider has also breached the network of Caesars Entertainment, who, in a U.S. Securities and Exchange Commission on Thursday, provided a strong hint at paying the attacker to avoid a leak of customer data stolen in the attack.

After seeing MGM taking this action and with no intention from the company to engage in negotiations over the provided chat, the threat actor says that they deployed the ransomware attack.

"After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident," - BlackCat/ALPHV. At this moment, the hackers say that they do not know what type of data they stole from MGM but promise to extract relevant information and share it online unless they reach an agreement with MGM. To pressure the company even more into paying, BlackCat threatened to use their current access to MGM's infrastructure to "Carry out additional attacks."

News URL

https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/