Security News > 2023 > September > MGM Resorts ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.
The BlackCat/ALPHV admin told BleepingComputer yesterday that one of their "Adverts" carried out the MGM attack, saying that it wasn't the same actor that hacked Western Digital in March.
According to Bloomberg reporters, Scattered Spider has also breached the network of Caesars Entertainment, who, in a U.S. Securities and Exchange Commission on Thursday, provided a strong hint at paying the attacker to avoid a leak of customer data stolen in the attack.
After seeing MGM taking this action and with no intention from the company to engage in negotiations over the provided chat, the threat actor says that they deployed the ransomware attack.
"After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident," - BlackCat/ALPHV. At this moment, the hackers say that they do not know what type of data they stole from MGM but promise to extract relevant information and share it online unless they reach an agreement with MGM. To pressure the company even more into paying, BlackCat threatened to use their current access to MGM's infrastructure to "Carry out additional attacks."
News URL
Related news
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)