MGM Resorts suspected ransom attack forces system shutdown


MGM Resorts International is scrambling to recover after being hit by a major cyberattack Monday, forcing the company to shut down some of its network systems. Its websites were down, slot machines were only taking cash, and it appears guests were unable to use digital room keys, leaving many locked out.

In what sounds like a scene from the popular Ocean's Eleven film series, MGM first posted a statement about the attack on X (formerly known as Twitter) around 11:30 a.m. ET Monday.

“MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems,” the post said.

“Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems,” the company said.

“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter,” the statement concluded.

The websites of all 31 MGM resorts and the main MGM Resorts International website have also been showing as unavailable throughout the day – although it appears the company has control over the site addresses.

MGM has been able to post instructions for its customers, providing direct phone numbers for reservation inquiries and other MGM member services.

The MGM Rewards app, which allows members to make reservations, create digital keys to unlock rooms, book entertainment, reserve pool cabanas, and explore dining options, is also not working.

"MGM Rewards is undergoing maintenance and digital keys are currently unavailable. Please see the front desk for assistance," the app states.

It's unclear if all digital key cards are inoperable or just the ability for guests to use the cardless digital keys created for their room and stored on their mobile devices, a service offered by MGM.

To put the digital room key issue in perspective, the MGM Grand in Las Vegas alone has 5,044 guest rooms and 751 suites, according to a company fact sheet.

X user @LasVegasLocally, seemingly connected to several MGM insiders, posted this about the digital keys around 7 p.m. ET Monday, "The system that monitors ajar guest room doors is down, according to an MGM Resorts security employee."

Earlier, they reposted a video of several slot machines out of service on one of the MGM casino floors. Other X users have been reporting that all ATMs in the resorts are down, as well as cash withdrawals from casino cashiers.

Several hours later, @LasVegasLocally posted on X again, this time sharing statements from MGM declaring "dining, entertainment and gaming are currently operational" but added that "all the websites are still down though." Guests can now access their rooms, the company claims, although according to other X users the Rewards app remains down.

Ryan McConechy, CTO of Barrier Networks, said it's often routine for organizations with large and complex networks, such as MGM, to take all their systems offline upon discovering a breach.

“Until MGM provides more information, it’s not clear the exact reason why they decided to take this action…maybe to prevent active attackers pivoting or malware spreading…but it is a very costly move,” McConechy said.

“For every minute the gaming floor was down, MGM was losing money. Likewise, with reservations and their websites still being down, the company continues to suffer massive financial losses,” he explained.

“When organizations segment their networks effectively, this scale of downtime and significant financial losses can usually be avoided,” McConechy said.

So far, there is no official word on what caused the incident, if any threat actor has claimed responsibility for the attack, or when the company expects to resume normal business operations.

Moreover, although just a rumor at the time of publishing, @LasVegasLocally has claimed, "The hackers who took down MGM Resorts' computer networks are asking for a large ransom, according to an insider." Naturally, this has sparked further rumors on X that MGM will "quietly pay the ransom."

Local media is reporting that the FBI has been in contact with MGM since Sunday morning, including contact with the Nevada Gaming Control Board.

The same user has also posted about recent rumors that "Caesars Entertainment was recently hacked in the same manner, and paid out a $30 million ransom to avoid the problems MGM is experiencing," which has now been confirmed as true.

Cybernews has reached out to MGM’s corporate headquarters and is awaiting a response.

Besides the hotel and casino resorts located on the Las Vegas, Nevada strip, MGM International also operates its signature resort entertainment complexes in Massachusetts, Michigan, Mississippi, Maryland, Ohio, and New Jersey.

Local news outlet Philadelphia 10 is reporting that the MGM Borgata in Atlantic City, New Jersey is also experiencing issues: casino floors are empty, but guest rooms are accessible.

Other popular MGM hospitality brands include the Bellagio, Mandalay Bay, New York-New York, and Park MGM.