MGM Suffers Consequences of Failing to Pay Hackers
By
Jane Shaw
Senior Editor
Updated: 10/21/2023
We count on Jane to inform our readers about the latest slot games in the US market. With her passion for video games and a degree in engineering, she’s our gambling tech expert. Jane’s also active in our blog section, where she tackles the curiosities and changes in the industry.
MGM Suffers Consequences
Cybersecurity attacks on casinos have become increasingly common, according to reports. One of the latest entertainment giants to be hit was MGM Resorts, and this has led to severe financial implications for the company. The company is facing severe financial repercussions after a ransomware attack on its US operations.
The entertainment giant, known for operating the Bellagio along with many other big-name casino resorts, announced a potential $100 million drop in its third-quarter earnings before interest, taxes, depreciation, amortization, and restructuring or rent costs (EBITDAR) stemming from the attack, which lasted for over 10 days.
Informing Stakeholders About the Impact of the Attack
In a bid to keep stakeholders informed, MGM revealed that an additional $10 million in unprecedented costs are directly related to the data breach.
Analysts speculate that the financial impact could have been mitigated if MGM had given in to the hackers’ demands. According to insiders who spoke to the Wall Street Journal, MGM consciously opted against paying the ransom to the hacking group, identified as “Scattered Spider.”
This decision is in stark contrast to the approach that was taken by another casino and entertainment giant, Caesars Entertainment. This industry giant recently faced a similar threat from the same hacking group.
Caesars Entertainment settled on a $15 million payment out of the $30 million initially demanded by Scattered Spider, successfully avoiding the chaos and huge operational problems that have affected MGM.
FBI’s Stand on Ransom Payments Influenced MGM’s Decision
The US government has a firm stance on not negotiating with terrorists, and the FBI has always advised businesses to refrain from complying with ransomware demands.
The federal law enforcement agency states:
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to partake in such illicit endeavors.
MGM Resorts appears to have acted upon this advice, unlike a number of other corporations, including Caesars. This inconsistency in response tactics appears to have bolstered the confidence of cybercriminals according to some industry experts. This has then led to a surge in these types of attacks, as the cybercriminals believe that their chances of receiving payments from the targeted companies remain high.
Following the recent attack, MGM Resorts has concentrated its efforts on overhauling its cybersecurity infrastructure and strengthening its defenses against this type of crime.
While this is undoubtedly a necessary move, it comes too late to stop the financial losses caused by the attack. The situation has led to debates among investors, with some insisting that MGM should have negotiated with Scattered Spider to help bring the situation under control.
With the continued rising risk of cyberattacks, the decision of whether to pay ransoms or refuse to engage with cybercriminals remains a difficult one for businesses across the world. Many will be keen to avoid the problems that MGM has faced by simply negotiating a deal with the criminals.