Scattered Spider Waited Before Making MGM Ransom Demand

“Scattered Spider,” the group of hackers that recently infiltrated the technology systems of two major casino operators, waited several days before making financial demands of MGM Resorts International (NYSE: MGM).

Bill Hornbuckle
MGM CEO Bill Hornbuckle. In an interview, he said hackers waited days before making ransom demands. (Image: Wall Street Journal)

In an interview with Bloomberg earlier this week, MGM CEO Bill Hornbuckle said his company was already several days into the fight against a ransomware attack before the group of hackers made financial requests of the casino giant. By the time Scattered Spider pressured the gaming company for compensation, MGM had already started the process of rebuilding its cyber defenses.

I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned — we’re not paying these bastards,’” Hornbuckle told Bloomberg’s Margi Murphy. “The reality is because we caught this so early and we were on them.”

The Luxor operator said last week the attack will cause third-quarter earnings before interest, taxes, depreciation, amortization, and restructuring or rent costs (EBITDAR) to be trimmed by $100 million, and that it incurred one-time costs of at least $10 million related to the event.

Eventful September for MGM

MGM believes the hack commenced on September 7, but it was several days later by the time a ransom demand arrived.

By that time, Scattered Spider wreaked havoc on MGM systems across the US, leading to massive check-in lines, fears that employees wouldn’t be paid in a timely fashion, and downed gaming machines, among other problems.

The cyber thieves previously hit MGM rival Caesars Entertainment (NASDAQ: CZR), landing a $15 million payment from that operator in the process. Hornbuckle told Bloomberg he wasn’t aware that Caesars had been the victim of a ransomware attack until after MGM was grappling with the same situation.

Scattered Spider is said to have initiated its hack of Caesars via an outside vendor to the gaming company. The threat actors gained access to Caesars’ network in a breach that’s believed to have started on August 27.

MGM and Caesars are the two largest operators on the Las Vegas Strip, and both have extensive portfolios of regional casinos strewn across the US.

MGM Didn’t Pay Ransom

The responses to the Scattered Spider attacks by Caesars and MGM clearly differed and critics might assert that the Bellagio operator would have been better off paying the hackers.

However, the FBI urges ransomware victims to not comply with perpetrators because payments encourage the bad actors to infiltrate other companies. Hornbuckle didn’t disclose the amount Scattered Spider demanded, but he told Bloomberg he’s glad MGM didn’t pay up.

The operator’s systems are back to being fully functional and analysts believe the financial damage, which will be covered by insurance, will be confined to the third quarter.

Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.