Ransomware Attack Against MGM

In September 2023, MGM Resorts International was the victim of a sophisticated cyber attack carried out by a group known as Scattered Spider. The attack affected MGM’s Las Vegas locations, disrupting customer-facing electronic systems, including casino and hotel computer systems, the company’s corporate email, restaurant reservations, hotel booking, and digital key card access. The attack lasted for 10 days before MGM was able to bring its systems back online.

The attack is believed to have been carried out using ransomware, a type of malware that encrypts a victim’s data and demands a ransom payment in exchange for the decryption key. MGM has not publicly confirmed whether it paid a ransom to the hackers, but some experts believe it is likely that the company did so in order to minimize the disruption to its business.

How Managed Detection and Response Could Have Helped

Managed Detection and Response (MDR) is a security service that provides organizations with 24/7 monitoring and analysis of their security data. MDR teams use a variety of tools and techniques to identify and respond to security threats.

Vertek’s RansomMDR product combines its SOAR platform with Halcyon’s anti-ransomware platform to provide a comprehensive solution for ransomware prevention, detection, and response. This product could have helped with the MGM attack in a number of ways, including:

Prevention: Vertek’s RansomMDR product can help to prevent ransomware attacks by identifying and remediating indicators of compromise in systems and applications. The product can also be used to implement security policies and procedures that can help to reduce the risk of ransomware infection.

Detection: Vertek’s RansomMDR product can detect ransomware attacks at an early stage, before they have a chance to cause significant damage. The product can monitor systems and applications for suspicious activity and generate alerts when it detects such activity.

Response: Vertek’s RansomMDR product can help organizations to respond to ransomware attacks quickly and effectively. The product can automate many of the tasks involved in ransomware response, such as isolating infected devices, restoring data from backups, and notifying affected individuals.


The cyber attack against MGM is a reminder of the growing threat of ransomware attacks against businesses of all sizes. MDR can help organizations to protect themselves from these attacks by providing them with 24/7 monitoring and analysis of their security data.

Additional Tips for Preventing and Recovering from Ransomware Attacks

In addition to MDR, there are a number of other things that organizations can do to protect themselves from and recover from ransomware attacks:

Educate employees on ransomware attacks: Employees should be trained on how to identify and avoid phishing emails and other social engineering attacks.

Implement strong security controls: Organizations should implement strong security controls, such as firewalls, intrusion detection systems/intrusion prevention systems (IDS/IPS), and web filtering, to protect their networks from attack.

Regularly back up data: Organizations should regularly back up their data to a secure location so that they can restore their data in the event of a ransomware attack.

Have a ransomware incident response plan in place: Organizations should have a plan in place for responding to a ransomware attack. This plan should include steps for identifying and containing the attack, restoring systems and data, and communicating with customers and stakeholders.

By following these tips, organizations can help to protect themselves from ransomware attacks and minimize the damage if they are attacked.