Hackers caused major chaos in the US gaming world this week with successful attacks on both MGM Resorts and Caesars Entertainment. Caesars mitigated the damage by paying the hackers a $15 million ransom to leave their systems alone and go away, while MGM’s systems have been down most of the week.
Word of the Caesars attack broke after the MGM attack was revealed but it appears that the company was hit sometime in August. Company officials revealed the story in a Form K-8 Filing to the US Securities and Exchange Commission. These forms are used by publicly traded companies to explain how various events impact their businesses and the shareholders investing in them.
In this case, Caesars says the $15 million ransom, which was negotiated down from $30 million, will not have an impact on their bottom line. Though the ransom was paid out by Caesars, at least some portion of it will likely be covered by insurance.
At this point it’s unclear exactly who pulled off the Caesars hack, but it’s believed to be the work of a criminal group called UNC3944 or one of its offshoots. Where the group is based is unknown, though they’re believed to be international. Charles Carmakal, chief technology officer at Google Cloud’s Mandiant described the group on CNBC this week saying, “Although members of the group may be less experienced and younger than many of the established multifaceted extortion and ransomware groups, they are a serious threat to large companies in the United States. Many members are native English speakers and are incredibly effective social engineers.”
While Caesars says they’re operations remain mostly unimpaired by the hack, MGM Resorts sites are still down as of this writing.