The Las Vegas casino company, which still has many of its computer systems offline, has not characterized what happened as a cyberattack.

Betting kiosks at the sportsbook at MGM Grand in Las Vegas are shown on Tuesday, Sept. 12, 2023. MGM Resorts International properties had a cybersecurity issue that thwarted credit card transactions and affected computerized systems. (K.M. Cannon/Las Vegas Review-Journal) @KMCannonPhoto

A Russian ransomware hacker gang may have been responsible for MGM Resorts International’s cybersecurity issue that has plagued the company for four days.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X, formerly known as Twitter, from malware repository vx-underground. ALPHV has not publicly claimed responsibility.

MGM has not commented on the cause of the issue, which it hasn’t characterized as a cyberattack.

MGM websites remained offline Wednesday morning as the Las Vegas-based casino company began enduring its fourth day of a cybersecurity issue affecting its computerized systems.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” vx-underground posted on X. “A company valued at $33.9 billion was defeated by a 10-minute conversation.”

“The threat actors themselves” provided this information, according to vx-underground, which describes itself as the largest collection of malware source code, samples and papers on the internet.

“The comments made to VXU do not sound at all improbable,” said Brett Callow, a threat analyst for Emsisoft, an anti-malware software company. ALPHV is “not an unlikely suspect — but the fact the comments were made at all is a little peculiar,” Callow wrote in an email

“Cybercriminals typically don’t discuss attacks until they’ve given up on being able to monetize them,” he wrote. “This is mainly because they want their targets to have the option to pay to make the problem go away as quickly and as quietly as possible.”

MGM issued a statement late Tuesday reiterating most of its comments made since Monday, a day after multiple systems failed, including those for room and restaurant reservations, mobile app room access, company email and some networked slot machines.

“MGM Resorts recently identified a cybersecurity issue affecting certain (number) of the company’s systems,” the company’s latest statement issued from a Gmail account said.

“Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts,” the statement said. “We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The company will continue to implement measures to secure its business operations and take additional steps as appropriate.”

The company has not referred to the matter as a cyberattack, but its reference to notifying law enforcement is indicative of the potential of crimes being committed.

On Tuesday, the Las Vegas field office of the FBI affirmed it is investigating the matter. Representatives of the U.S. Department of Homeland Security, which investigates cyberterrorism and other terrorist activity, referred a reporter to MGM.

This is a developing story. Check back for updates.

