‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang

The AlphV ransomware gang has admitted it was behind this week’s attack on casino and hotel operator MGM Resorts, but is saying the company and not hackers were responsible for closing the IT environment.

However, it takes credit for eventually launching ransomware.

In a statement saying it wants to “set the record straight,” the gang says it’s not to blame for service outages such as employees not being able to log into the IT environment, slot machines that stopped working, slow electronic transfers of winnings and hotel guests locked out of their rooms because electronic key cards didn’t work.

Yes, it admits, the gang was able to get into MGM Resorts’ Okta identity and access management environment. But, the statement says, “MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning we had been lurking on their Okta Agent servers, sniffing out passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps.”

The group infiltrated MGM Resorts’ IT network on Friday, Sept. 9, the statement says. The company took essential elements of the network offline on Sunday after discovering the intrusion.

The gang’s statement also criticizes researchers at VX Underground for falsely alleging in a tweet that someone linked to the gang got into the MGM Resorts environment by convincing an IT support staffer that they were an employee.

“The rumours about teenagers from the U.S. and U.K. breaking into this organization are still just that — rumours. We are waiting for these ostensibly respected cybersecurity firms who continue to make this claim to start providing solid evidence to support it,” it said.

“We continue to have access to some of MGM’s infrastructure,” the gang’s statement adds. “If a deal is not reached, we shall carry out additional attacks.”

For some reason, the group is protective of its reputation, complaining that news outlets falsely reported that AlphV had claimed responsibility for the attack before the group actually announced it.

In an email, Brett Callow, a B.C.-based threat analyst at Emsisoft, said nothing in the gang’s statement struck him as implausible. “That’s not to say any or all of it is accurate, ” he added, simply that it’s not implausible.

“The unfortunate aspect to this is that a company that seems not to have paid a ransom — casino and hotel operator MGM Resorts — is receiving lots of press attention based on the claims of cybercriminals, while a company that may well have paid — casino and hotel operator Caesar’s Entertainment — is receiving far less. The levels of disruption are drastically different too. Moving forward, these factors may help the cybercriminals — all cybercriminals, not only AlphV — convince other victims that payment is the least painful option.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.