Cyber Defense Advisors

British teen arrested in connection with MGM Resorts ransomware attack

Graham CLULEY

July 23, 2024

Promo Protect all your devices, without slowing them down. Free 30-day trial

British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies.

Last September, hotel and casino giant MGM Resorts was hit by a cyber attack which resulted left guests queuing for hours to check in to hotels, residents struggling to enter their rooms, ATM machines disrupted, and websites, TV services, and phone lines taken down.

At the time, MGM resorts confirmed that the incident impacted all of its resorts in Las Vegas, including the Aria, the Bellagio, Luxor, MGM Grand and Mandalay Bay.

Some members of the public took to social media to document the experience of being at a casino that had been brought to a standstill by hackers.

It took a full 10 days until MGM Resorts announced it was “operating normally” again, and later admitted that hackers had been able to access the personal information, including names, contact information, gender, date of birth, and driver’s license, passport, and even Social Security numbers, of some guests.

It was later revealed that hackers had successfully socially-engineered MGM’s IT helpdesk, posing on the telephone as an employee locked out of his account, and tricked them into handing over login credentials which allowed them to deploy the ransomware attack.

The cost to MGM Resorts has been declared at over US $100 million.

The 17-year-old youth arrested last week in Walsall, England, in a joint operation by West Midlands Police and the FBI, is suspected of being a member of the “Scattered Spider” cybercriminal group and was initially placed into police custody on suspicion of blackmail and offenses related to the Computer Misuse Act, according to a statement from the Regional Organised Crime Unit for the West Midlands (ROCUWM).

“This arrest has been made following a complex investigation which stretches overseas to America. We have been working closely with the National Crime Agency and FBI,” said Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager at ROCUWM. “These cyber groups have targeted well known organisations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. We want to send out a clear message that we will find you. It’s simply not worth it.”

MGM Resorts has thanked law enforcement for its work in locating and arresting alleged members of the gang responsible for the attack, and notes that it refused to pay a ransom.