Las Vegas Casinos Fall to Cyberattack: Should Corporations Pay Ransoms?


In a new development in the realm of cybercrime, the famed Las Vegas casino operators, Caesars and MGM Resorts International, fell victim to cyberattacks. While Caesars succumbed to the pressures of a ransom, paying a considerable $15 million of the initially demanded $30 million, it remains uncertain whether MGM Resorts International followed suit. Observations, however, hint at a possible refusal to pay the ransom.

The significant question that arises in such situations is whether or not major corporations should comply with the payment demands of their attackers. Lisa Plaggemier, Executive Director of the National Cyber Security Alliance, insists that the best policy is not to pay up. She states that the more frequently organizations acquiesce, the more cybercriminals gain incentive to continue their activities.

Follow us on Google News! ✔️

Plaggemier suggests that the optimal strategy to tackle a ransomware attack is through preparation and simulation of potential attack scenarios. This involves investing in third-party consultants who run through mock incidents, thereby exposing vulnerabilities. Such an approach prepares organizations to better manage an actual attack with a pre-determined response, curtailing the rush of frantic decision-making under duress.

A controversial claim emerged from the hackers, asserting that MGM inadvertently exacerbated the cyberattack by prematurely shutting down its systems. Plaggemier refrained from attributing credibility to the allegations, but drew attention to MGM’s apparent lack of network segmentation. She emphasized the crucial need for organizations to segment their networks and invest in robust IT infrastructure and backup systems. Plaggemier believes this is the key to neutralizing the threat of ransomware.

Recent estimates suggest that MGM boasts $200 million in cyber insurance. However, relying solely on such insurance can inadvertently encourage cybercrime. While insurance may help alleviate ramifications from an attack, Plaggemier warns against a casual attitude or unpreparedness to the possibility of a cyberattack. Cybercriminals are opportunistic, targeting the most vulnerable systems, and care should be taken not to be the easiest company to hack.

Concerning the essential problem of paying ransoms, Plaggemier points out the lack of guarantees. There is no assurance of the data being returned or the data not already having been sold on the dark web. Dealing with criminals involves a risky assumption of trust and honor in an inherently dishonorable profession.

Likening recent cyberattacks to a revitalization of organized crime, this reveals an ironic turn of events; major corporations in Las Vegas, known to have replaced mafia rule, are now under the digital siege of a new form of organized crime.