MGM Resorts back online after suspected ransomware attack

MGM Resorts has announced its hotels in Las Vegas are operational once again, following a prolonged outage in the wake of a serious cyber security incident that is still under investigation.

The hospitality chain endured a chaotic day in which many of its IT systems shut down, leaving guests locked out of rooms, resorts only able to accept cash payments, and slot machines inoperable. 

It is not yet clear whether systems were brought down by the cyber incident itself, or as a precautionary measure taken by MGM Resorts to contain the spread of malware and prevent threat actors from performing lateral attacks.

While MGM Resorts has not detailed the nature of the incident, some experts assume it was the result of a broad ransomware operation.

“While it hasn't been confirmed, this has all of the markings of a pretty significant ransomware attack,” said Erich Kron, security awareness advocate at KnowBe4.

“It's clear that a significant number of systems have been impacted, leaving guests and customers in a difficult position, while clearly impacting operations across the resort portfolio.” 

The incident began on Sunday 10 September. In a statement published to X (formerly Twitter) at 08:27 (PT) on 11 September, MGM Resorts said it had identified a “cyber security issue” impacting some of its systems.

As of 16:51 (PT), MGM Resorts had announced that guests were able to access their rooms and that systems pertaining to gaming, entertainment, and dining were once again online.

“Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts,” the company wrote.

“We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.”

The chain operates well-known casinos including Aria, Mandalay Bay, and MGM Grand, all of which experienced significant disruption throughout the shutdown. It is cooperating with the Federal Bureau of Investigation (FBI), which has opened an investigation into the incident.

If ransomware was involved, the system shutdown could have been enacted by the company’s security team to prevent further spread or to buy time to remediate lost data. A rapid response could have prevented MGM Resorts from having to pay ransomware operators.

“In response to this incident, it looks like MGM decided to take all their systems offline, which is a routine move when organizations run such large and complex networks,” said Ryan McConechy, CTO at Barrier Networks.

“Until MGM provides more information on the breach, it’s not clear the exact reason why they decided to take this action, but it is a very costly move.

“For every minute the gaming floor was down, MGM was losing money. Likewise, with reservations and their websites still being down, the company continues to suffer massive financial losses. Understandably, this may be to prevent active attackers pivoting or malware spreading, but when organizations segment their networks effectively, this scale of downtime can usually be avoided.”

At the time of writing, the MGM Resorts website is still inaccessible. In its place, the organization has placed a notice with phone numbers for each of MGM Resorts’ hotels within Las Vegas.

This is not the first public cyber security breach that MGM Resorts has experienced. In 2020, the details of 10.6 million guests, which had been stolen in a 2019 breach of the organization’s servers, were leaked on a hacking forum.

In the wake of the incident, MGM Resorts stated it had no evidence to suggest customer financial or password data was included in the breach.

Rory Bathgate
Features and Multimedia Editor
