Posted on 09/19/2023 6:45:22 PM PDT by DeathBeforeDishonor1
If you visit Las Vegas, you might want to avoid at least one location: MGM Resorts. It got hit by a cyber-attack, creating chaos that’s been felt from the casino floor to the hotel rooms. Booking and checking in are now arduous tasks. Hotel key cards at the resort are also reportedly twitchy due to the hack. For eight days, MGM Resorts has been in a state of paralysis that’s costing them over $8 million daily, thanks to the hackers shutting down all the slot machines.
They’re not the only ones: Caesars was also targeted, but they allegedly paid the ransom between $15-30 million. MGM told these thugs to pound sand. Reports on the ground are that virtually every electronic device in the entire complex, including kiosks used for food and beverage orders, is virtually unworkable (via NY Post):
MGM Resorts has officially entered its eighth day of “cybersecurity issues” that have silenced slot machines and shut down internal computer systems, costing the hotel and casino chain as much as $8.4 million per day in daily revenue.
David Katz, a gaming industry analyst with Jefferies Group, issued a note estimating that MGM could take a hit of between 10% and 20% on revenue and cash flow.
The company generates some $42 million in revenue and $8 million in cash flow daily, according to Katz.
Paychecks to employees are now delayed. Strip clubs are now offering free lap dances to those impacted by the MGM hack. As for Caesars, it’s not confirmed that they paid the ransom, though if they did, experts warn more hacks like this are coming (via Associated Press):
(Excerpt) Read more at townhall.com ...
Many companies will pony up the ransom in a cyber-attack just to avoid the bad publicity.
They way pay the ransom, you can bet on it.
So they can hack Vegas slot machines but if you ask any democrat they’ll tell you that voting machines are un-hackable.
What a crock, because Vegas probably has 10 times the security of US elections.
They should have done a proper cost-benefit analysis before failure to pay.
They should have kept their systems separated, even the aquarium controls.
They should have had and kept a parallel system even if it was EOL and ‘underpowered’.
There should have been a disaster recovery plan (yes, I would have insisted on a 24-hour SLA, but aimed for 12).
at least I feel good that this hacker group will all eventually feel really bad and commit Clinton-iside
I never liked the MGM Grand. They treated their customers like crap.
First and last time I stayed there was 2000 COMDEX. I was treated better at Buffalo Bills at Stateline.
Oh yeah.
I suspect the hackers had some inside help. It's usually the human element that is the weakest in cyber security.
Stayed at the Park MGM. It was very nice.
You couldn’t pay me to have electronic door locks...
An inside job is highly probable.
Post of the decade
Absolutely an inside job, IMHO...
Sam "Ace" Rothstein: The town will never be the same. After the Tangiers, the big corporations took it all over. Today, it looks like Disneyland. And while the kids play cardboard pirates, Mommy and Daddy drop the house payments and Junior's college money on the poker slots. In the old days, dealers knew your name, what you drank, what you played. Today, it's like checking into an airport, and if you order room service, you're lucky if you get it by Thursday. Today, it's all gone. You got a whale show up with four million in a suitcase, and some 25-year-old hotel school kid is gonna want his social security number. After the Teamsters got knocked out of the box, the corporations tore down practically every one of the old casinos. And where did the money come from to rebuild the pyramids? Junk bonds.
Regards,
Good, all these casinos are bottom feeders. The good old days of 3:2 BJ, 2-green roulette and 8:5 video poker are long gone, not to mention cheap steaks and rooms.
I hope the executives are fired when they reboot.
They can just install a backup. They do have multiple backups? They do have anti ransomware anti virus software?
Are they relying on Microsoft Defender?
Who is getting buried in the desert over this?
Someone call Vinnie and his crew. They have work to do!!
The company I worked at had a network drive hit by ransomware so they deleted the contents and put back a backup.
Some files were lost that were the latest.
The other network shares were not affected.
I have worked ransomware attacks. 18 hour days, 7 days a week. It's not fun, but it pays well.
The issue with paying is that the system is now "dirty". You don't know what else may be buried in compromised systems. You could potentially decrypt your entire system and be right back in the same place a year or two later.
Restoring from backup is ideal, and if your system is set up properly from the start, you can basically flip a switch and it all comes right back. It's more complicated than that, but that's what can happen.
That isn't what happens because there are legacy systems in every data center over a week old. They typically run some mission critical piece of the company and were so expensive and so complicated no one was ever willing to pay to have the system brought into current compliance.
At this point, you're now making phone calls to some guy (like me) who wrote the software, who maintained it and was telling them all along it needed brought forward in time. Of course that guy retired and moved to Florida so you pay him $250/hr and compress what should have been 500 hours of compliance into 80 hours and hope the bubblegum holds.
One tool that we used was called Carbon Black. It will go through everything attached to your data center and examine it for other ransomware. The attack may have occurred weeks or months ago, and bringing back old data can trigger it all again.
Several years ago, I was in Vegas for an IT related convention. One morning I was up early for some exercise. As I walked through the Casino toward the door, I looked over the slot machine floor and there was a sea of Windows 7 BSOD (blue screen of death) everywhere. Windows 7 was out of support, no more updates, etc and every slot machine in the casino was running a Windows 7 kernel.
You are right. They got so greedy that players have no chance to win. I’m surprised that the casinos aren’t using loaded dice at the crap table.
Making money off of vulnerable people is despicable.
I did the MSSP thing for a while. It’s amazing how poorly a huge number of critical systems are out there.
“They won’t come after us” was the most given response, followed by “it’s too expensive to do all that!” I’d just leave a business card and wait.
L
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.