The West Midlands Police has announced that it has arrested a 17-year-old teenager in connection with the ransomware attack on MGM Resorts International in September of 2023.
Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM), worked alongside the National Crime Agency and the United States Federal Bureau of Investigation (FBI)to make the arrest on Thursday the 18th of July.
In a news release, the force stated it took the teenager into custody on suspicion of Blackmail and Computer Misuse Act offences. The teen was then released on bail while the force continues with its enquiries.
Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager, at ROCUWM, said:
“This arrest has been made following a complex investigation which stretches overseas to America. We have been working closely with the National Crime Agency and FBI.
“These cyber groups have targeted well known organisations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. We want to send out a clear message that we will find you. It’s simply not worth it.”
Bryan Vorndran, Assistant Director of FBI’s Cyber Division, added:
“Today’s arrest is a testimony to the strength of the FBI’s domestic, international, and private sector partnerships.
The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are.”
MGM Resorts said in its own release:
“We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others. We know first-hand the damage these criminals can do and the importance of working with law enforcement to fight back.
By voluntarily shutting down our systems, refusing to pay a ransom and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it.”
“We are forever grateful to the FBI for their support and work with international law enforcement to bring these criminals to justice.”
A brief statement from Microsoft was also included in the release:
“Today sends a strong message to cybercriminals: there will be consequences for your actions.
“Microsoft commends law enforcement for taking action against those that seek to cause harm, and we remain committed to collaborating with others across the public and private sector to collectively combat cyber threats and make the Internet a safer place.
“As this outcome shows, we have greater impact when we come together to fight cybercrime.”
2023 MGM and Caesars Cyberattacks
On Monday September 11th 2023, MGM Resorts announced through social media that that it had been the subject of a cyberattack. The company stated at the time that it had voluntarily shut down many of its systems as a precautionary measure.
This impacted multiple properties throughout the company’s network of hotels. This included systems for slots machines, the MGM website, and reservation systems being taken offline and all staff working in ‘manual mode’. The system outages extended to 10 days.
Just a few days later it was revealed that Caesars Entertainment was the subject of a cyberattack during the same period that saw casino operator pay out as much as $30 million (€27.9 million) to hackers.
In a October filing with the United States Securities and Exchange Commission (SEC) MGM stated that the potential loss to the company as a result of the recent cyberattack could reach $100 million (€94.8 million).
At the time, The Wall Street Journal also reported that MGM had refused to pay a ransom during the cyberattack ahead of the system shutdown.
Legal Action by Casino Customers
Shortly after the cyberattacks, it was reported that both MGM Resorts and Caesars Entertainment were facing lawsuits relating to the outages and how the companies handled the attacks.
At least five lawsuits have been filed in US courts alleging that the companies failed to provide adequate protection for customers’ personal and financial information.
The main complaint in the lawsuits revolve around the fact that the reports issued by both MGM and Caesars failed to give clear information on the safety of customers’ data. No clear indication was given that the data was compromised during the attacks. As a result, the customers filing suits have said that they were not given any assurances over the companies’ security measures. They now fear that their information could be vulnerable to future attacks.
Based in London, Natasha is a former sports journalist with experience working for some of the biggest athletes & brands in the world of sports and iGaming.
A British teenager has been detained for his alleged involvement in a cyberattack on MGM Resorts International, one of the largest hospitality and entertainment companies in the world. The attack, which occurred in 2019, resulted in the personal information of over 10.6 million guests being exposed.
The teenager, who cannot be named for legal reasons, is believed to have been part of a hacking group that targeted MGM’s systems in order to steal sensitive data. The group reportedly used a technique known as “credential stuffing” to gain unauthorized access to the company’s servers.
The cyberattack on MGM is just one of many high-profile incidents that have highlighted the growing threat of cybercrime. As more and more businesses and individuals rely on digital technology for their daily activities, the risk of falling victim to hackers and cybercriminals has never been greater.
In response to the attack, MGM has taken steps to improve its cybersecurity measures and protect its customers’ data. The company has also worked closely with law enforcement agencies to identify and apprehend those responsible for the breach.
The case of the British teenager serves as a reminder of the importance of cybersecurity in today’s digital age. It is crucial for businesses and individuals alike to take proactive steps to safeguard their data and prevent unauthorized access to their systems.
As the investigation into the MGM cyberattack continues, it is likely that more details will emerge about the teenager’s involvement and the motives behind the attack. In the meantime, it is essential for everyone to remain vigilant and stay informed about the latest cybersecurity threats in order to protect themselves from falling victim to similar incidents in the future.
