Caesars Entertainment, a major casino operator in the United States, has admitted to paying a ransom. This payment was made to prevent the online release of user information stolen in a recent ransomware attack.
After successfully collecting a ransom from Caesars Entertainment, the same group of cyber criminals has started an extortion effort against MGM Resorts. They claim to have encrypted MGM’s ESXi hypervisors.
On September 7th, Caesars Entertainment discovered that the attackers had gained unauthorised access to its loyalty programme database. For many of its customers, this database contains sensitive data, including Social Security numbers and driver’s licence numbers.
According to an 8-K form Caesars submitted to the U.S. Securities and Exchange Commission:
We are still investigating the extent of any additional personal or otherwise sensitive information contained in the files acquired by the unauthorized actor. We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorized actor.
Additionally, it appears that the same group was behind both cyberattacks. VX-Underground has linked responses on the dark web about both incidents to a newer group known as Scattered Spider, which is allied with the BlackCat ransomware group and uses its ALPHV malware in these attacks.
The group was first reported in December 2022 and quickly became famous for its effective social engineering skills. It is worth noting that its members are said to be based in the United States and the United Kingdom, which is unusual.
Caesars Cyber Attack, Stolen Data, and Payment Security
Caesars’ 8-K filing also claims that a ransom was paid to the attackers to stop the stolen information from being published on the internet. According to The Wall Street Journal, Caesars Entertainment paid around $15 million, which is half of the attackers’ initial $30 million demand.
The loyalty program most certainly held basic contact information for customers, such as email addresses and maybe home addresses or phone numbers. The filing, however, discloses that certain driver’s license and Social Security numbers were also compromised, most likely belonging to loyalty program members with credit lines at the casinos or who were required to supply tax information for large prize claims. Customers who are not members of the reward program would be unaffected by the breach, according to Caesars.
Caesars, on the other hand, has said explicitly that it cannot make any promises about what the threat actors responsible for the incident may do. This includes the possibility that they will still sell or disclose the stolen user data.
Caesars further said:
We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.
The company has released another data breach statement with further details, and the incident has been reported to law enforcement. It informed customers that all of its customer-facing operations, including its physical premises and its mobile and online gaming applications, are running flawlessly.
Caesars is now the second casino business to be hit by a ransomware attack. MGM Resorts International announced that it had to temporarily shut down its IT systems due to a cyberattack, which affected its websites, reservation systems, and different casino services such as ATMs, slot machines, and credit card machines.
In the ongoing fight against ransomware, experts from the NCSC stress the importance of never giving in to ransom demands. Caesars, for example, recently made a payment in the hope that the extortionists would delete the stolen data, but victims often have no clear confirmation that such a promise has been fulfilled. Furthermore, experts emphasise that past evidence does not support the idea that such promises have ever been kept.