Caesars Entertainment, Inc. paid tens of millions of dollars to hackers who gained access to its data systems in a breach that threatened Harrah’s Pompano Beach Casino and all Caesars business operations weeks ago, according to reports.
The same cybersecurity threat is reportedly currently hampering MGM properties across the US in several states.
According to reporting from Bloomberg and Fortune, the hacker group responsible for the attacks on Caesars is known as “Scattered Spider,” and is composed of individual hackers from the US and the United Kingdom.
Caesars has said the hackers were only able to compromise information from the Caesars Rewards program, including social security numbers and driver’s license information. The company says the hack has not affected its casino and online betting operations.
Caesars chose to pay ransom to hackers
Unlike the current attack on MGM casino resorts in Massachusetts, Michigan, Nevada, New York, New Jersey and Ohio, the attack from Scattered Spider on Harrah’s Pompano Beach did not result in closure or shutdowns of systems at Caesars properties. Caesars owns no other casinos in Florida.
According to Reuters, Caesars will file a regulatory report in the coming days or weeks outlining the ransomware attack. Such an admission and the news that one of the largest gaming companies in the US was forced to pay a ransom to criminal hackers will likely send a chill into an industry that is growing rapidly.
Fortune recently reported that according to the FBI, Scattered Spider had successfully targeted more than 60 companies with its ransomware as of April 2022.
MGM Resorts properties are currently under attack
MGM Resorts, which owns the casinos currently under attack, none in Florida, has been dealing with the ransomware attack since at least Sept. 11. That’s when reports emerged that their systems were problematic in many of their venues.
Fortune reports the attack on MGM may have been a coordinated effort by members of Scattered Spider and ALPHV. It has crippled several casinos, which cannot accept hotel reservations or perform cash-outs or offer ATM services.
ALPHV uses a nefarious ransomware project released to the public in 2021 and has been used to target large companies.
Scattered Spider use phishing techniques to enter computer systems
Scattered Spider is a notorious hacker group also known by the names UNC3944 and Roasted 0ktapus. In the past, the group has targeted Microsoft cloud services and financial companies. The hackers utilize phishing techniques to gain access to systems. They then demand large sums of money as ransom as they hold private data and threaten to release or destroy it.
Caesars, BetMGM and other gaming companies spend hundreds of millions of dollars to secure their systems and provide security for consumers who use their financial resources to fund their gaming at casinos in Florida and elsewhere.
Ransomware is an especially malicious form of malware. It locks up computer systems and demands a payment to return access to those systems via a decryption key. These latest major attacks on Caesars and now MGM gaming properties are the first known widespread hacks into casinos.