The Classic Ransomware Playbook: Welcome to the MGM Resorts Saga


Ever seen a hacking attempt play out like a Hollywood heist movie? Well, welcome to the MGM Resorts saga. “Scattered Spider,” the hacker ensemble, initially aimed to rig casino slot machines and recruit unwitting gamblers to hit the jackpot. When that plan hit a snag, they pivoted to the classic ransomware playbook – snatching data, encrypting it, and demanding crypto ransoms. Let’s break down the virtual drama.

The Casino Takeover Plan

A person claiming to represent a hacking group nicknamed Scattered Spider told the Financial Times on Thursday that it had carried out the breach at MGM, including trying to tamper with the casino resort’s slot machines. Imagine hackers trying to outwit a casino’s slot machines, all Ocean’s Eleven style. “Scattered Spider” had high hopes of making the software dance to their tune. Picture this: recruiting unsuspecting players to win big, only to share the loot. But, when luck wasn’t on their side, they shifted gears to the infamous ransomware strategy. 

MGM Resorts Saga

On September 1, operators of a Telegram channel called Spider Logs, managed by cyber maestros dealing in stolen credentials, made a move. They auctioned a data set containing the credentials of a mid-level IT engineer at MGM. More than just one IT whiz, the Spider Logs auction offered a jackpot of 95 MGM employees’ login credentials.

Not stopping there, even some of MGM’s rival, Caesars Entertainment, found themselves entangled in a similar cyberweb. It’s a real-life poker game of digital access. In this cyber-age casino, possessing credentials from IT personnel at MGM or Caesars could grant you access to the inner workings of their digital fortresses. It’s like having the keys to the kingdom for cyber-explorers.


The Web of Deception

Ever wonder how the bad guys slip into the fortress? “Scattered Spider” has a knack for social engineering – the art of fooling folks. Its members, mostly English-speaking hackers from the US and Europe, are known to impersonate an employee they have studied over social media in phone calls to company help desks where they try to generate fresh passwords. LinkedIn proved to be their treasure trove, giving them a ticket to impersonate said employee. 

With a dash of charm and a sprinkle of deceit, they phoned up MGM’s IT help desk, finagled credentials, and bam! The breach was underway. Social engineering is the dark art of hacking. “Scattered Spider” spun its web by mimicking people or organizations. They played the confidence game, making MGM believe they were legit. This time, it was an employee’s LinkedIn info that was their key. Just goes to show, even in the digital world, trust but verify.

The Aftermath: MGM Resorts’ Fight to Get Back Online

After over a week of system lockdowns, MGM is finally regaining its digital footing. The website’s back, bookings are happening, and credit cards are back in the game. But those loyalty cards? Well, they’re not feeling too loyal right now. Some systems are up, some are down. The slot machines are making a comeback, but many are still craving that hand payout. 

Company email accounts remained down making it feel like a tech rollercoaster at MGM. Caesars has offered customers identity theft protection and credit monitoring access as a result of their similar situation. The Wall Street Journal reported that the company paid a $30 million ransom to regain access from the hackers that attacked their system.

MGM Resorts reportedly did not pay the ransom, and experts estimate that the attack could cost the company more than $8 million per day in lost revenue. Saying that amount is a lot of money would be a very sore understatement.

A Solution ‘Red e’ to Go

Red e App is a strategic partner to over a dozen casinos and hotels across nine states and Canada and a critical tool for the more than 25,000 staff that keep the lights on. The majority of these employees carry out manual tasks in service of the customers and do not have time for, nor access to, traditional and ineffectual modes of communication like email. 

Red e App provides a highly tailored engagement experience for each and every employee on their own device and delivers greater productivity, efficiency, and profitability to the organization.

All that? That’s in peaceful times! If this event were to have happened at one of our Hospitality or Casino partners, their communication would have been back up and running in 1/18th of the time it has taken for things to return to normal on MGM’s end of the strip.

Modernized communication is one of, if not the most important, safeguard to have in place. Red e App allows employees to access a mobile messaging platform without a company email address, and it provides a dedicated, internal, real-time mobile communication channel for informing and engaging all hourly employees in every location. 

In our experience with Seminole Gaming, property managers and administrators send an average of 150,000+ messages/year with a 70%+ read rate. Employees also use the platform to communicate one-to-one with colleagues and managers, sending more than 50,000 messages each year with an astonishing 94% read rate. More than 4500 team members are actively using Red e App.

Red e App is hands down the right tool because it is an enterprise-secure mobile communication platform specifically designed for large, hierarchical organizations with many locations, and a large hourly and non-desk dominant workforce. In a world where cyber crooks play by their own rules, the battle for digital security rages on. The MGM saga is just one chapter. So, how do you stop from going back to the stone age when systems are compromised? Easy. Stay ‘Red e’ for anything, whether it’s your table games manager offering open shifts or your entire business operation being stopped in its tracks.