Skip To Main Content 2023 Ransomware Report | Download Now

In recent weeks, the cybersecurity world was rocked by two high-profile ransomware attacks targeting industry giants MGM Resorts and Caesars Entertainment, both prominent players in the casino and hotel sector. These incidents not only caused operational disruptions but also exposed sensitive customer data. As organizations increasingly invest in top-tier security solutions to protect against such threats, this recent attack is a stark reminder that relying solely on prevention-based strategies can not provide an absolute defense. This blog will summarize these attacks’ key details and emphasize the urgent need for robust ransomware containment measures.

The MGM Resorts Ransomware Attack

On September 11th, MGM Resorts became the epicenter of a cyber crisis. The company experienced widespread system outages and service disruptions across its Las Vegas and Atlantic City properties. Both customers and MGM employees faced numerous issues as a result. Reservations were erased, and existing keycards malfunctioned, forcing hotel staff to spend hours resolving room access issues for customers and costing MGM thousands in cancellation and change fees—which were waived as guests whose reservations weren’t erased canceled their upcoming trips. All gambling and betting had to be manually tracked, with only cash available for exchange, causing further security issues throughout casino floors.

MGM’s systems were down for 10 days, costing the company an estimated $8.4 million per day and roughly $850 million in market value as their stock dipped 12.5%. Unlike Caesars, MGM declined to pay the ransom demanded. As a result, personal information, including social security numbers and bank account info for more than 10.6 million customers, was leaked. However, the servers and data held by the hackers were held hostage, forcing MGM to use the backup servers to restore operations.

This attack, attributed to an affiliate of the notorious ransomware group Alphv (also known as BlackCat), is a stark example of the crippling impact ransomware can have on even the most robust organizations.

The Caesar Casino Data Breach

Caesars Entertainment disclosed a data breach in a separate alarming incident through a regulatory filing. The attack exposed sensitive customer information from their Caesars Loyalty Rewards database, including Social Security numbers and driver’s license details. Even more shocking is that Caesars reportedly paid a $15 million ransom to prevent the release of stolen customer data and restore their systems. This incident vividly underscores the financial and reputational risks associated with ransomware attacks. So far, according to Caesars, this customer info has not been released.

Attack Methods

Unlike many recent cyberattacks where hackers have breached systems via email phishing, USB ports, or IoT, the attacks on MGM and Caesars were done via social engineering tactics. Scattered Spider is unique because its members are primarily younger and based in the U.S. and U.K. In MGM’s case, a group member found an MGM employee on LinkedIn and then called the company’s help desk, impersonating said employee. Within a 10-minute phone call, they could hack MGM’s system using that employee’s admin credentials. Caesars was infiltrated through a third-party outsourced IT services contractor using similar tactics.

It is worth noting that given their cash flow and treasure troves of sensitive customer data, casinos such as MGM and Caesars have best-of-breed solutions in place to help mitigate potential threats. This includes EDRs, malware detection, email scanners, and even red teams whose sole purpose is identifying vulnerabilities before hackers can exploit them. Yet, these sophisticated security measures were all thwarted by a fraudulent phone call to the IT departments that help administer them.

These attacks highlight a very important fact of cybersecurity that, until now, has been overlooked: sometimes, all the prevention in the world is still not enough. Not even well-funded, heavily secured, and monitored casinos are immune.

As Emily Phelps, Director of Cyware, was quoted in CPO Magazine: “If organizations take away anything from the Caesars ransomware attack, let it be a reminder that human behavior is one of the most common vulnerabilities threat actors exploit. Technologies change rapidly. Human behavior doesn’t. Improving security awareness must be an ongoing effort, and it is only the beginning. To minimize social engineering risks, it’s important to ensure you require multifactor authentication, ideally using different types of authentication, such as a passphrase and an authenticator app..”

As Phelps notes, organizations need to do more. With increasingly sophisticated attack methods, preventative measures will never be enough. Whether the attack comes from an endpoint or a fraudulent phone call, containment protects against even human error.

The Crucial Role of Ransomware Containment

The MGM Resorts and Caesar Casino incidents serve as a wake-up call for organizations of all sizes. Although they invested in the best-in-breed prevention-based security tools such as EDRs, email gateways, firewalls, MFA, etc., neither casino could detect and prevent the attack. The cybercriminals were still successful at getting through and caused significant damage to their IT infrastructure.

To protect against the rising tide of ransomware attacks, organizations must augment their preventative measures with automated ransomware containment solutions to address the attacks that eventually get through. These solutions extend beyond traditional cybersecurity measures, focusing on rapid detection of an active attack, isolation of the compromised user and device, and containment of the data encryption and exfiltration that takes place.

As technology advances, attack vectors increase. Even the most sophisticated prevention measures cannot cover every single ingress, as new methods consistently pop up and groups such as Scattered Spider take advantage of social engineering. Containment, however, is ingress agnostic. With containment solutions, attacks can be halted as soon as they are initiated, preventing data encryption, isolating the affected endpoint(s), and preventing operation downtime.

Learn More

BullWall offers a ransomware penetration test to help you assess how your current tools respond to various ransomware variants. You can request one here or schedule a demo of our containment solution.


How Ransomware Impacts Government Organizations

BullWall Blue & Black Background with Logos

Government institutions provide critical services to citizens, including healthcare, public safety, transportation, and utilities and as such are prime targets for ransomware attacks. Ransomware attacks...

Read More

NIS2: Stronger Cyber Defense for Europe

BullWall Orange Background

We live in a world where banking, healthcare, public transportation, and other critical services and agencies rely on computer systems. Computer systems which make them...

Read More

BullWall Appoints Steen Lomholt-Thomsen as CEO, Kerry K. Grimes as EVP and Chief Partner Officer, Shares 2023 Benchmarks and Growth

BullWall Black Background

Announcement BullWall announced today the appointments of Steen Lomholt-Thomsen as CEO and Kerry Grimes as Executive Vice President and Chief Partner Officer. BullWall has also...

Read More

The Importance of Data Security in Business

BullWall Blue & Black Background with Logos

Improving Business Success Through Enhanced Data Security In today’s ever-changing digital landscape, data has ascended to an almost sacred status. The importance of making sure...

Read More

A Dive into Prominent Ransomware Names that Shook Healthcare, Education, and Cyber Insurance

Unraveling the Infamous Malware that Defined a Decade of Cyber Threats In the ever-evolving world of cyber threats, ransomware has emerged as a formidable monster,...

Read More

The Importance of Employee Training in Ransomware Prevention

BullWall Orange Background

The Human Factor in Ransomware Defense In the intricate maze of cybersecurity, while technology and systems are often paramount, one of the most overlooked components...

Read More

How Should We Handle Ransomware?

BullWall Black Background

In the current digital age, one of the most pressing concerns is the exponential rising threat of ransomware attacks. These malicious attacks on organizations are...

Read More

How to Protect Yourself from Ransomware

BullWall Blue & Black Background with Logos

As the digital landscape expands, so do the challenges of cybersecurity. A leading concern in today's tech world is the growing menace of ransomware, a...

Read More

Ransomware Prevention Best Practices

A Multi-Layered Approach to Cyber Resilience In an era that features constant cybersecurity threats that are increasingly complex and continually evolving, combating ransomware remains one...

Read More