Scattered Spider Waited Before Making MGM Ransom Demand

Posted on: October 12, 2023, 01:12h. 

Last updated on: October 12, 2023, 01:28h.

“Scattered Spider,” the group of hackers that recently infiltrated the technology systems of two major casino operators, waited several days before making financial demands of MGM Resorts International (NYSE: MGM).

MGM CEO Bill Hornbuckle. In an interview, he said hackers waited days before making ransom demands. (Image: Wall Street Journal)

In an interview with Bloomberg earlier this week, MGM CEO Bill Hornbuckle said his company was already several days into the fight against a ransomware attack before the group of hackers made financial requests of the casino giant. By the time Scattered Spider pressured the gaming company for compensation, MGM had already started the process of rebuilding its cyber defenses.

“I’d love to tell you there was this, you know, ‘a jump on a white horse moment and devil be damned — we’re not paying these bastards,’” Hornbuckle told Bloomberg’s Margi Murphy. “The reality is because we caught this so early and we were on them.”

The Luxor operator said last week the attack will cause third-quarter earnings before interest, taxes, depreciation, amortization, and restructuring or rent costs (EBITDAR) to be trimmed by $100 million, and that it incurred one-time costs of at least $10 million related to the event.

Eventful September for MGM

MGM believes the hack commenced on September 7, but a ransom demand did not arrive until several days later.

By that time, Scattered Spider had wreaked havoc on MGM systems across the US, leading to massive check-in lines, fears that employees wouldn’t be paid in a timely fashion, and downed gaming machines, among other problems.

The cyber thieves previously hit MGM rival Caesars Entertainment (NASDAQ: CZR), landing a $15 million payment from that operator in the process. Hornbuckle told Bloomberg he wasn’t aware that Caesars had been the victim of a ransomware attack until after MGM was grappling with the same situation.

Scattered Spider is said to have initiated its hack of Caesars via an outside vendor to the gaming company. The threat actors gained access to Caesars’ network in a breach that’s believed to have started on August 27.

MGM and Caesars are the two largest operators on the Las Vegas Strip, and both have extensive portfolios of regional casinos strewn across the US.

MGM Didn’t Pay Ransom

The responses to the Scattered Spider attacks by Caesars and MGM clearly differed, and critics might assert that the Bellagio operator would have been better off paying the hackers.

However, the FBI urges ransomware victims to not comply with perpetrators because payments encourage the bad actors to infiltrate other companies. Hornbuckle didn’t disclose the amount Scattered Spider demanded, but he told Bloomberg he’s glad MGM didn’t pay up.

The operator’s systems are back to being fully functional, and analysts believe the financial damage, which will be covered by insurance, will be confined to the third quarter.