The U.K.'s second-largest police force has confirmed the arrest of a 17-year-old male in Walsall, England in connection with the MGM Resorts Las Vegas ransomware attack in Sept. 2023.
The West Midlands Police Department made the arrest last week following a joint investigation by the National Crime Agency and the FBI. The teenager is suspected of blackmail and violating the U.K.’s Computer Misuse Act of 1990. Several digital devices were seized from the suspect's home and are undergoing forensic examination.
Authorities have linked the teenager to an unspecificed global cybercrime group.
The FBI also took to X (formerly Twitter) to publicize the arrest: “Today’s arrest is a testimony to the strength of the FBI’s domestic, international, and private sector partnerships," commented Bryan Vorndran, Assistant Director of FBI’s Cyber Division. "The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are.”
Today, the #FBI joins the UK’s @NCA_UK, @WMPolice, and @ROCUWM to announce the arrest of an individual connected to a global cybercrime group which has victimized major companies, including MGM Resorts. Read more about the arrest here: https://t.co/8Vq8BIDf3V pic.twitter.com/AshG1Om0ts
— FBI (@FBI) July 19, 2024
The police have confirmed that the suspect has been released on bail while the investigations continue.
“We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others,” commented MGM Resorts as part of the police announcement released Friday. “We know first-hand the damage these criminals can do and the importance of working with law enforcement to fight back.”
What happened in September?
On Sept. 12, 2023, hackers conducted a cyberattack on MGM Resorts in Las Vegas, causing nine days of significant disruption across all MGM properties on the Las Vegas Strip. The attack impacted slot machines, room key cards, and employees' email access.
Beau Rivage and other MGM casinos have continued to operate with new processes in place, such as handling dinner and entertainment reservations via phone. The company told the Securities and Exchange Commission (SEC) that it lost around $100 million in earnings as a consequence of the attack.
Cybercrime gang Scattered Spider admitted to the attack and reportedly employed BlackCat ransomware developed by ALPHV to obtain login credentials. However, MGM said in its SEC filing that it does not believe any customer banking information or passwords were compromised.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” commented the ALPHV group on X.
Two attacks in one week
The day after the MGM attack, Caesars Entertainment announced that it had been targeted by a separate hacking group. Caesars paid millions of dollars to prevent the release of private company data, including Social Security numbers and driver’s license information, from its loyalty program database. Security researchers say that both attacks used similar methods.
Further disruptions
Earlier this week, BetMGM and other Entain-owned sports betting brands experienced technological issues due to a global tech outage affecting various industries. “Thanks for your patience and apologies for the inconvenience caused,” wrote BetMGM Customer Care on X.
About MGM Resorts
Founded in 1986 in Las Vegas, MGM Resorts International is a global entertainment company with destination resorts in Las Vegas, New Jersey, Michigan, Ohio, Maryland, Mississippi, and Massachusetts. It's the largest casino company in the world by revenue and owns several renowned brands, including BetMGM, in partnership with Entain.
Despite challenges like the September cyberattack, the company reported record performance in Las Vegas for the 2023 financial year, with over $8.8 billion in revenue.
