‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang

Share post:

The AlphV ransomware gang has admitted it was behind this week’s attack on casino and hotel operator MGM Resorts, but is saying the company and not hackers were responsible for closing the IT environment.

However, it takes credit for eventually launching ransomware.

In a statement saying it wants to “set the record straight,” the gang says it’s not to blame for service outages such as employees not being able to log into the IT environment, slot machines that stopped working, slow electronic transfers of winnings and hotel guests locked out of their rooms because electronic key cards didn’t work.

Yes, it admits, the gang was able to get into MGM Resorts’ Okta identity and access management environment. But, the statement says, “MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning we had been lurking on their Okta Agent servers, sniffing out passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps.”

The group infiltrated MGM Resorts’ IT network on Friday, Sept. 9, the statement says. The company took essential elements of the network offline on Sunday after discovering the intrusion.

The gang’s statement also criticizes researchers at VX Underground for falsely alleging in a tweet that someone linked to the gang got into the MGM Resorts environment by convincing an IT support staffer that they were an employee.

“The rumours about teenagers from the U.S. and U.K. breaking into this organization are still just that — rumours. We are waiting for these ostensibly respected cybersecurity firms who continue to make this claim to start providing solid evidence to support it,” it said.

“We continue to have access to some of MGM’s infrastructure,” the gang’s statement adds. “If a deal is not reached, we shall carry out additional attacks.”

For some reason, the group is protective of its reputation, complaining that news outlets falsely reported that AlphV had claimed responsibility for the attack before the group actually announced it.

In an email, Brett Callow, a B.C.-based threat analyst at Emsisoft, said nothing in the gang’s statement struck him as implausible. “That’s not to say any or all of it is accurate, ” he added, simply that it’s not implausible.

“The unfortunate aspect to this is that a company that seems not to have paid a ransom — casino and hotel operator MGM Resorts — is receiving lots of press attention based on the claims of cybercriminals, while a company that may well have paid — casino and hotel operator Caesar’s Entertainment — is receiving far less. The levels of disruption are drastically different too. Moving forward, these factors may help the cybercriminals — all cybercriminals, not only AlphV — convince other victims that payment is the least painful option.”

The post ‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways