MGM Resorts International hotels and casinos continue to experience disruptions, five days after the company was attacked by hackers who demanded a ransom to restore access.
On Thursday evening, videos posted by MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed agonizingly long check-in lines and some slot machines remaining offline.
Working slot machines only work with cash and are set to hand-pay, meaning winnings must be paid out by human employees, and MGM has given out meal credits and free alcohol to appease angry guests.
Meanwhile, hackers who claimed responsibility for the breach said in a statement late Thursday that they maintained access to “some parts of MGM’s infrastructure” and threatened “additional attacks” if their ransom demands were not met.
MGM’s ongoing problems come after rival gaming giant Caesars Entertainment confirmed it discovered a breach last week – but Caesars reportedly paid a ransom of about $15 million and avoided any disruption to customer contacts .
On Thursday there were long check-in lines at the Bellagio (left), while at ARIA some slot machines were still offline while the rest were cash and hand payment only
The FBI told it is investigating the incidents at both Caesars and MGM, adding: “As this is an ongoing investigation, we cannot provide further details.”
Neither Caesars nor MGM responded to multiple requests for comment from throughout the week.
Both breaches appear to have been triggered by “social engineering” attacks in which the hackers tricked human targets into revealing login credentials, such as by impersonating real employees during phone calls to support hotlines.
The attribution of the attacks remained unclear. A group called the Scattered Spider contacted journalists and claimed responsibility for both breaches, while an affiliated gang called ALPHV released a lengthy statement contradicting these claims and saying it carried out the MGM attack.
It is possible that the two groups known to have an affiliate relationship were both involved in the attacks or are actually factions within the same loose hacker collective.
For MGM guests, the result of that company’s breach was a week of confusion and frustration.
“The MGM hack is causing chaos,” wrote X user Rachel Hooks from ARIA, which shares videos of long lines and slot machines on the Fritz. “Ridiculous check-in lines and closed casinos.”
At the Bellagio, @JacobLasVegasLife Posted video showing huge queues at hotel check-in.
MGM Hotels were reportedly forced to implement outdated measures at check-in counters and handwrite guest information and credit card numbers as system glitches continued.
The Complaining about just about anything.”
MGM Resorts International hotels and casinos continue to experience disruption, five days after hackers broke into the company in search of a ransom
user @LasVegasLocally shared photos of $25 food and drink vouchers and wrote, “MGM Resorts employees have received stacks of ‘Guest Restoration Vouchers’ to hand out to any hotel guest who complains about virtually anything under the sun this weekend.”
Other photos posted by @VitalVegas showed staff at MGM properties offering guests free wine and beer as they waited in long lines to check-in.
In a sign of a slow return to normality, MGM Resorts’ main website was finally up and running again, although online hotel reservations remained unavailable Friday morning.
“For hotel reservations arriving between September 13th and 17th, 2023, we understand that your travel plans may have changed, therefore we are waiving change and cancellation fees,” the website says. ‘Thank you for your patience.’
Meanwhile, the hacker gang ALPHV, also known as BlackCat, spoke out on Thursday evening in a detailed statement published on its dark web ransom page.
Without naming Scattered Spider, ALPHV dismissed reports of that group’s involvement as “rumors” but did not specifically deny Scattered Spider’s involvement.
There were long check-in waits at ARIA on Thursday evening as MGM properties in some cases resorted to handwriting guest information
MGM Resorts’ main website was finally working again, although online hotel reservations remained unavailable Friday morning
The hackers claimed they infiltrated MGM’s network on Friday, September 8, and that the first glitches in the company’s system last weekend were actually due to MGM employees frantically shutting down equipment to contain the attack.
“Due to their network engineers’ lack of understanding of how the network works, network access was problematic on Saturday,” the hackers claimed.
“They then decided on Sunday to take seemingly key components of their infrastructure “offline,” the group added.
ALPHV said it launched its ransomware attack on Monday, September 11, encrypting more than 100 bare-metal hypervisors in MGM’s server environment.
The hacking group said it made “multiple attempts” to contact MGM with ransom demands but received no response, aside from an unidentified user who lurked silently in the chat room set up for negotiations.
“We believe that MGM will not agree to a deal with up,” the hackers said. “We continue to have access to part of MGM’s infrastructure. If no agreement is reached, we will carry out further attacks.”
“We continue to wait for MGM to pair up and make contact as they have clearly shown that they know where to contact us,” ALPHV added.
The group’s claims could not be independently verified.