Just days before MGM’s computer systems experienced a cyberattack, Caesars, another casino operator, paid $15 million in ransom to a cybercrime group that infiltrated and disrupted their systems, according to sources familiar with the matter disclosed to CNBC.
CNBC’s Contessa Brewer also reported that the same cybercrime group has demanded a ransom from MGM as well.
This recent attack on the gaming industry comes shortly after Caesars reported their incident in a U.S. Securities and Exchange Commission filing, acknowledging the hack as a significant event, similar to MGM Resorts’ filing.
Caesars negotiated the ransom demand from the cybercrime group at $30 million and agreed to pay roughly half of that amount, with the costs being partially covered by their cyber insurance policies.
Despite the ransom payment, Caesars does not anticipate any material impact on the company’s financials, according to the filing.
“Although this cybercrime group may be less experienced and younger than established ransomware groups, they pose a serious threat to large companies in the United States,” warned Charles Carmakal, Chief Technology Officer at Google Cloud’s Mandiant, in an interview with CNBC. “Their social engineering tactics, combined with strong English proficiency, make them highly effective.”
Bloomberg previously reported the ransom payments to the cybercrime group and linked the attacks on both MGM and Caesars to a group known as UNC3944 or Roasted 0ktapus. Security researchers have also connected this group to attacks on other companies, including Cloudflare, Okta, and Twilio.
It remains unclear why Caesars delayed disclosing the hack and ransom in their SEC filing. SEC rules require companies to report material events within four days. Recently, the SEC introduced a new cybersecurity disclosure rule, effective by year-end, that mandates companies to file an 8-K report disclosing the nature and impact of a cyberattack on their business.
Denial of responsibility! Vigour Times is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
