The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage on Tuesday, according to a post by malware archive vx-underground. The group claims to have used common social engineering tactics, or gaining trust from employees to get inside information, to try and get a ransom out of MGM Resorts, but the company reportedly refuses to pay. The conversation that granted initial access took just 10 minutes, according to the group.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organization wrote in a post on X. Those details came from ALPHV, but have not been independently confirmed by security researchers.
The international resort chain started experiencing outages earlier this week, as customers noticed slot machines at casinos owned by MGM Resorts shut down on the Las Vegas strip. As of Wednesday morning, MGM Resorts still shows signs that it’s experiencing downtime, like continued website disruptions. MGM Resorts has not responded to a request for comment, but said in a statement on Tuesday that “Our resorts, including dining, entertainment and gaming are currently operational.”
ALPHV has a reputation in the cybersecurity community as being “remarkably gifted at social engineering for initial access,” according to vx-underground. From there, it usually uses ransomware ploys to extort a target into paying up, and it’s been going after huge corporate targets. In July, ALPHV and another threat actor Clop listed beauty giant Estée Lauder on their data leak sites.