MGM Resorts International knew about a hack even before the cybercriminals in question demanded a ransom for the information stolen. The casino chain was able to take timely steps and therefore did not have to pay.
That’s what CEO Bill Hornbuckle indicates in conversation with Bloomberg. The hackers reportedly roamed MGM Resorts’ systems for several days before finally sending a ransom demand. MGM decided not to pay because the casino chain realized early on that it had been hacked, and was working to track down the perpetrators.
Course of hacking attack
CEO Bill Hornbuckle also gave Bloomberg more details about the course of the hacking attack. In the evening of Sept. 7, it was discovered that the hotel and casino chain was under attack by hackers. The company tried to take down its systems before the hackers could steal data, but were unsuccessful. The hackers eventually managed to reach the DNS layer to spread their malware.
MGM Resorts then launched a “war room” in which management, IT specialists, lawyers and cybersecurity consultants battled the hackers. The company switched to manual operations, such as physically writing down customers’ names and credit card numbers.
The ransom demand appeared only days later, at a time when the hackers were taking core systems offline. These included the payroll software, the purchasing system, the telephony environment and, most importantly, the reservation system that handled 20,000 requests a day.
Meanwhile, except for a server for the loyalty program, MGM Resorts is fully operational again.
Read also: Hack at MGM casinos leads to theft of personal data and huge costs