By BBBB
The West Midlands Police has announced that it has arrested a 17-year-old teenager in connection with the ransomware attack on MGM Resorts International in September of 2023.
Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM), worked alongside the National Crime Agency and the United States Federal Bureau of Investigation (FBI)to make the arrest on Thursday the 18th of July.
In a news release, the force stated it took the teenager into custody on suspicion of Blackmail and Computer Misuse Act offences. The teen was then released on bail while the force continues with its enquiries.
Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager, at ROCUWM, said:
“This arrest has been made following a complex investigation which stretches overseas to America. We have been working closely with the National Crime Agency and FBI.
“These cyber groups have targeted well known organisations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. We want to send out a clear message that we will find you. It’s simply not worth it.”
Bryan Vorndran, Assistant Director of FBI’s Cyber Division, added:
“Today’s arrest is a testimony to the strength of the FBI’s domestic, international, and private sector partnerships.
The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are.”
MGM Resorts said in its own release:
“We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others. We know first-hand the damage these criminals can do and the importance of working with law enforcement to fight back.
By voluntarily shutting down our systems, refusing to pay a ransom and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it.”
“We are forever grateful to the FBI for their support and work with international law enforcement to bring these criminals to justice.”
A brief statement from Microsoft was also included in the release:
“Today sends a strong message to cybercriminals: there will be consequences for your actions.
“Microsoft commends law enforcement for taking action against those that seek to cause harm, and we remain committed to collaborating with others across the public and private sector to collectively combat cyber threats and make the Internet a safer place.
“As this outcome shows, we have greater impact when we come together to fight cybercrime.”
2023 MGM and Caesars Cyberattacks
On Monday September 11th 2023, MGM Resorts announced through social media that that it had been the subject of a cyberattack. The company stated at the time that it had voluntarily shut down many of its systems as a precautionary measure.
This impacted multiple properties throughout the company’s network of hotels. This included systems for slots machines, the MGM website, and reservation systems being taken offline and all staff working in ‘manual mode’. The system outages extended to 10 days.
Just a few days later it was revealed that Caesars Entertainment was the subject of a cyberattack during the same period that saw casino operator pay out as much as $30 million (€27.9 million) to hackers.
In a October filing with the United States Securities and Exchange Commission (SEC) MGM stated that the potential loss to the company as a result of the recent cyberattack could reach $100 million (€94.8 million).
At the time, The Wall Street Journal also reported that MGM had refused to pay a ransom during the cyberattack ahead of the system shutdown.
Legal Action by Casino Customers
Shortly after the cyberattacks, it was reported that both MGM Resorts and Caesars Entertainment were facing lawsuits relating to the outages and how the companies handled the attacks.
At least five lawsuits have been filed in US courts alleging that the companies failed to provide adequate protection for customers’ personal and financial information.
The main complaint in the lawsuits revolve around the fact that the reports issued by both MGM and Caesars failed to give clear information on the safety of customers’ data. No clear indication was given that the data was compromised during the attacks. As a result, the customers filing suits have said that they were not given any assurances over the companies’ security measures. They now fear that their information could be vulnerable to future attacks.
English