MGM CEO Confirms That It Did Not Pay a Ransom Following Cyberattack

  • Bill Hornbuckle called the cyberattack “corporate terrorism at its finest”
  • He confirmed that it was a tactical decision to not pay any ransom
  • MGM’s CEO also believes a Culinary Union strike can be avoided
Garbage bag full of ransom money
MGM Resorts CEO Bill Hornbuckle has revealed that the company did not pay any ransom following a recent cyberattack. [Image: Shutterstock.com]

Revealing some finer details

MGM Resorts International CEO Bill Hornbuckle has revealed further details about the casino company’s recent cyberattack. Presenting at the Global Gaming Expo as a keynote speaker on Tuesday, he responded to some questions, labeling the attack as “corporate terrorism at its finest” and adding that he wouldn’t wish the same problem on anyone else.

?the few weeks following the breach were “devastating”

Hornbuckle said that the hack happened by accident and involved social manipulation. He told the audience at the Venetian that the few weeks following the breach were “devastating.”

MGM’s team noticed the issue the day after it happened, which allowed it to respond quickly to try to protect as much data as possible by closing down certain systems. The infiltrators then realized what was happening and proceeded to shut down any further live systems.

He that as a result, the company was “completely in the dark” for the following four or five days trying to manage its 36,000 hotel rooms in Las Vegas. Everything from room key cards to the hotel and casino systems were not operational.

No ransom paid

Hornbuckle confirmed that MGM did not pay any ransom to the attackers, saying that this was a tactical decision, based on the length of time it would take for MGM to figure its way out of the attack versus getting the encryption keys from the attackers.

Caesars Entertainment suffered a similar attack shortly before MGM’s ordeal and ultimately paid a $15m ransom.

While noting that the entire incident will cost the company an estimated $100m, cyber insurance is expected to cover the costs of the hack. All of the commercial systems are now back up and running, though some other systems are yet to be fully functional. The company plans to reinvest in infrastructure, processes, and people going forward.

The point of entry for the attackers was the MGM technical team call center, using social engineering methods to gain access. The plan is to rework the processes going forward to ensure that the same thing does not happen again. Hornbuckle is confident that the credit card information of customers was not breached.

Other big talking points in Las Vegas

During the talk on Tuesday, Hornbuckle also mentioned the excitement surrounding next month’s Formula 1 race on the Strip, saying it will be the largest event that the city has ever had. The company’s average daily room rates around the race weekend are up around 400%.

believes that a satisfactory outcome can be reached for all parties in the coming weeks

Hornbuckle also touched on the current tensions involving resort properties and the Culinary Union, with strike action potentially looming. He believes that a satisfactory outcome can be reached for all parties in the coming weeks.

Leave a Reply

Your email address will not be published. Required fields are marked *