Security News > 2023 > September > MGM casino's ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.
Cybersecurity researcher vx-underground first broke the news that threat actors affiliated with the ALPHV ransomware operation allegedly breached MGM through a social engineering attack.
According to Bloomberg reporters, Scattered Spider has also breached the network of Caesars Entertainment, who, in a U.S. Securities and Exchange Commission on Thursday, provided a strong hint at paying the attacker to avoid a leak of customer data stolen in the attack.
After seeing MGM taking this action and with no intention from the company to engage in negotiations over the provided chat, the threat actor says that they deployed the ransomware attack.
"After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident," - BlackCat/ALPHV. At this moment, the hackers say that they do not know what type of data they stole from MGM but promise to extract relevant information and share it online unless they reach an agreement with MGM. To pressure the company even more into paying, BlackCat threatened to use their current access to MGM's infrastructure to "Carry out additional attacks."
News URL
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)
- Stanford: Data of 27,000 people stolen in September ransomware attack (source)
- Nissan confirms ransomware attack exposed data of 100,000 people (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- What the Latest Ransomware Attacks Teach About Defending Networks (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)