Hacker group threatens MGM Resorts if ‘deal is not reached’

MGM Resorts International employees will be paid as usual Friday despite the cybersecurity issues that have dogged the company since Sunday.

Meanwhile, one of the organizations allegedly claiming responsibility for a cyberattack on MGM said it would unleash ransomware on company computer systems “if a deal is not reached.”

Brett Callow, a threat analyst for Emsisoft, an anti-malware software company, reposted a statement from ALPHV, one of two Russian hacker gangs collaborating to attack MGM, on X, formerly known as Twitter. Callow said the statement from ALPHV was posted on its site on the dark web and he said nothing in it struck him as implausible.

While many computer industry experts found the ALPHV message credible, others weren’t so sure, noting that the group in the past has never made public disclosures about what it was doing.

Alex Waintraub of CYGNVS, an intel researcher with experience negotiating with ALPHV who has completed more than 1,700 negotiations with hacker groups, said he was unsure the message was legitimate and doesn’t want to speculate about its authenticity.

Hackers taunt MGM

But the message was filled with details about the gang’s efforts and taunted MGM leaders. MGM representatives declined to comment on the ALPHV message.

In its communication, ALPHV refutes reports that it tampered with slot machines, as reported in a Financial Times’ interview with a supposed representative of Scattered Spider, the other gang allegedly involved in the attack.

“We did not attempt to tamper with MGM’s slot machines to spit out money because doing so would not be to our benefit and would decrease the chances of any sort of deal,” the message said.

But the message, titled “Statement on MGM Resorts International: Setting the record straight,” said, “We have made multiple attempts to reach out to MGM … As reported, MGM shut down computers inside their network as a response to us. We intend to set the record straight.

“No ransomware was deployed prior to the initial takedown of their infrastructure by their internal teams.”

The group then explained why it waited to claim responsibility for the attack.

“The ALPHV ransomware group has not before privately or publicly claimed responsibility for an attack before this point. Rumors were leaked from MGM Resorts International by unhappy employees or outside cybersecurity experts prior to this disclosure. Based on unverified disclosures, news outlets made the decision to falsely claim that we had claimed responsibility for the attack before we had.

“We still continue to have access to some of MGM’s infrastructure. If a deal is not reached, we shall carry out additional attacks. We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us.”

Payroll will be met

As the matter entered its fifth day Thursday, a MGM spokesman said in an email that employees would be paid “per usual” after some sources questioned whether the computer problems the company experienced had penetrated computerized payroll programs as well.

MGM’s websites and mobile app remained down Thursday.

Early Thursday, MGM Chairman and CEO Bill Hornbuckle thanked MGM guests and employees for their patience during the issues that the company has yet to characterize as a cyberattack despite growing evidence that Russia-based hacker groups were responsible for the cyberturmoil at Nevada’s largest company.

Company officials did not comment when asked to verify online reports that the company with 10 resorts on the Strip paid a ransom to extortionists.

The FBI is continuing to investigate the matter giving credence that the company was the victim of a crime.

“I want to personally thank our guests for showing us great kindness and patience this week as we’ve worked through a cybersecurity issue,” Hornbuckle said in a LinkedIn post early Thursday. “Please know that providing our guests with outstanding service is at the heart of who we are as a company. We continue to work diligently to resolve this issue, and that includes increasing our staffing levels across our properties to help ensure individual needs are addressed as promptly as possible. Again, thank you for your patience and the kindness you’ve shown to our employees.”

Employees praised

Hornbuckle then praised his employees.

“And speaking of our tens of thousands of employees, I want to thank all of you for working so incredibly hard to maintain a high level of service,” he said in his post. “I understand this week has been challenging and appreciate you so much for your great dedication, resourcefulness and good cheer you are bringing every day. You have my utmost gratitude and greatest respect for all you do, day in and day out, but especially now.”

Lines at three MGM hotels Thursday evening had died down significantly compared with lines on previous days. At around 5:20 p.m. at the Luxor about 40 people waited in line. Staff members walked trays of water and beer to those waiting.

The Excalibur and Mandalay Bay check-in lines were shorter than Luxor’s by around 6 p.m. All three hotel lobbies were dotted with signs that apologized to guests for the difficulties.

Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X. Las Vegas Review-Journal staff writers David Wilson and Mary Hynes contributed to this report.