‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang

Share post:

The AlphV ransomware gang has admitted it was behind this week’s attack on casino and hotel operator MGM Resorts, but is saying the company and not hackers were responsible for closing the IT environment.

However, it takes credit for eventually launching ransomware.

In a statement saying it wants to “set the record straight,” the gang says it’s not to blame for service outages such as employees not being able to log into the IT environment, slot machines that stopped working, slow electronic transfers of winnings and hotel guests locked out of their rooms because electronic key cards didn’t work.

Yes, it admits, the gang was able to get into MGM Resorts’ Okta identity and access management environment. But, the statement says, “MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning we had been lurking on their Okta Agent servers, sniffing out passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps.”

The group infiltrated MGM Resorts’ IT network on Friday, Sept. 9, the statement says. The company took essential elements of the network offline on Sunday after discovering the intrusion.

The gang’s statement also criticizes researchers at VX Underground for falsely alleging in a tweet that someone linked to the gang got into the MGM Resorts environment by convincing an IT support staffer that they were an employee.

“The rumours about teenagers from the U.S. and U.K. breaking into this organization are still just that — rumours. We are waiting for these ostensibly respected cybersecurity firms who continue to make this claim to start providing solid evidence to support it,” it said.

“We continue to have access to some of MGM’s infrastructure,” the gang’s statement adds. “If a deal is not reached, we shall carry out additional attacks.”

For some reason, the group is protective of its reputation, complaining that news outlets falsely reported that AlphV had claimed responsibility for the attack before the group actually announced it.

In an email, Brett Callow, a B.C.-based threat analyst at Emsisoft, said nothing in the gang’s statement struck him as implausible. “That’s not to say any or all of it is accurate, ” he added, simply that it’s not implausible.

“The unfortunate aspect to this is that a company that seems not to have paid a ransom — casino and hotel operator MGM Resorts — is receiving lots of press attention based on the claims of cybercriminals, while a company that may well have paid — casino and hotel operator Caesar’s Entertainment — is receiving far less. The levels of disruption are drastically different too. Moving forward, these factors may help the cybercriminals — all cybercriminals, not only AlphV — convince other victims that payment is the least painful option.”

The post ‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways