News recently broke of MGM, the vaunted hospitality corporation, downplaying the extent of a disruptive cyberattack that suspended operations widespread across their Las Vegas properties. The incident was originally reported by a Twitter user who noted a collection of unresponsive slot machines within the Aria, one of MGM’s many opulent resorts.
MGM was swift to issue reassurances, maintaining via Twitter that all resorts—encompassing dining, gaming, and entertainment—were currently functional and providing services in line with the corporation’s high standards.
However, the incident, a ransomware attack that occurred on September 10th, brought many of MGM’s websites offline and caused considerable upset to gaming and resort affairs at the corporation’s dozen Las Vegas-based establishments. The attack impacted the MGM Grand, Bellagio, Aria, Cosmopolitan, Park MGM, Luxor, Mandalay Bay, Excalibur, New York-New York, NoMad, Delano, and Vdara.
Contrary to MGM’s optimistic assertions, social media reports from guests and visitors painted a less favorable picture. Digital updates indicated a blanket suspension of gaming machines, sports wagering booths, ATM facilities, and reward cards, lasting an uncomfortable three days. Additionally, pre-issued digital room keys ceased to function, inciting lengthy and maddening lines at front desk areas. Additionally, an unusual presence was noticed of “random plain-clothed people with walkie-talkies” riding Aria’s elevators, potentially due to the emergency phone systems being offline.
Thursday brought preliminary reports of MGM systems tentatively resuming normal service. Yet, challenges persisted, including inability to utilize meal, drink or casino play credits, and fraudulent credit card charges. Additionally, reports indicated an ongoing cash-only protocol and limited game accessibility at Aria’s casino floor.
Behavior of some slot machines at Park MGM suggested a return to functionality, but with manual payout procedures leading to significant wait times – anything from 20 minutes to an hour, as noted by YouTube personality and Vegas insider, Jacob Orth. Hotel services also struggled, with the check-in and check-out processes still being managed manually.
Though as of Friday morning, many of the issues seemed to be on the mend, property websites and apps remained inaccessible, and it was believed that telephones and televisions in MGM hotel rooms were still out of service.
Nevertheless, MGM seemed determined to address the issue promptly, stating, “We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” in a Friday morning tweet.
Guests found a small silver lining in the chaos; the parking gates at all properties were stuck in the open position, allowing free parking for anyone.
The hacker group ALPHV/BlackCat claimed responsibility for the cyberattack, adding another layer of intrigue to this unfortunate incident.