MGM cyberattack could potentially be the costliest in ransomware history, according to threat analyst

Brett Callow, a threat analyst from anti-malware software company Emsisoft, has asserted that the financial loss suffered by casino giant MGM Resorts International over a nine-day period in September may constitute the most expensive ransomware attack in history, surpassing the June 2022 attack on Norwegian aluminum manufacturer Norsk Hydro.

Talking to the Las Vegas Review-Journal, he advised all Las Vegas casino companies to remain vigilant and prepared for the possibility of a cyberattack. MGM officially recognized the cyberattack last week, revealing that it anticipates a cash flow loss of $100 million resulting from the incident. The cyber attack had affected its extensive network of hospitality, gaming, and entertainment properties across the United States.

The majority of the financial impact is anticipated to be felt in the third quarter, with the company slated to announce its financial results later this month or in early November. It remains unclear whether MGM paid a ransom to the attackers. In contrast, Norsk Hydro, which did not yield to the ransom demands of the attackers, reported estimated losses of $71 million.

It has been widely reported that Caesars Entertainment, which also fell victim to a cyberattack in August, paid a substantial ransom to the attackers but suffered comparatively less damage to its systems than MGM. The Wall Street Journal reported that the operator paid approximately half of a $30 million ransom demanded by the hackers.

“In the case of MGM, it was obviously a fairly significant event, and it could take quite some time to recover from that regardless of whether or not they paid the ransom. In the case of Caesars, it could possibly be less extensive and they were able to recover more quickly,” Callow was quoted as saying in the report.

Given the high-profile nature of these attacks, Callow emphasizes the importance of vigilance among other casino companies, cautioning employees to be vigilant against the social engineering tactics employed by cybercriminals.

“All sorts of organizations are attacked all the time. If an organization has the means to pay, it’s a target. I would fully expect other cybercriminals to be looking at Vegas casinos to see whether there are any exploitable weaknesses in that system,” he said.

“Social engineering will become more prevalent because it is the soft underbelly for lots of organizations. They (companies) teach their employees how to deal with electronic threats such as phishing emails, but they maybe don’t put as much emphasis on threats that come in through the phone and that’s something they really need to be paying more attention to,” Callow added.

The attack on MGM, which began Sept. 10, took down computer systems and crippled operations ranging from the MGM app enabling guests to enter their hotel rooms to slot machine payouts and company email.