As MGM Resorts continues to grapple with its cyberattack nightmare, it’s being reported Caesars Entertainment paid hackers millions of dollars to avoid a similar fate.
Bloomberg reports, “Caesars Entertainment Inc. paid tens of millions of dollars to hackers who broke into the company’s systems in recent weeks and threatened to release the company’s data.”
We shared this rumor back on Sep. 11, 2023, but it sometimes takes old-school media a minute to catch up.
Until recently, public companies weren’t compelled to report cyberattacks, or ransoms paid to hackers, but as we shared in our story about the MGM Resorts situation, recent SEC rule changes now require they do so.
In other words, the Caesars payoff to hackers would’ve never seen the light of day, as has happened fairly regularly in the past.
Some hacks make the news, many don’t. Here’s a list of the more notable casino cyberattacks.
We got multiple messages from Caesars Entertainment guests saying systems were down at the company’s resorts, but the issues never became widespread, presumably because the ransom was paid.
Given the immense financial and P.R. disaster unfolding at MGM Resorts (they’re in a fourth day of WTF, despite public statements), Caesars Entertainment’s decision is looking like pure genius.
The old “we don’t negotiate with terrorists” line doesn’t make a lot of sense when there’s insurance to reimburse $30 million in pocket change and you get to continue with business as usual.
Lots of companies are grappling with cybersecurity challenges at the moment, of course.
Casinos spend massive amounts of money on security, of all kinds, but the bad guys tend to be a step ahead.
The ransomware gang that has claimed responsibility for the MGM Resorts hack has also hit Mazars Group, OilTanking GmbH, Swissport, Florida International University, University of North Carolina A&T and Seiko.
Bloomberg says Caesars Entertainment was hit by a different group, Scattered Spider or UNC 3944.
In both cases, hackers gain access to internal systems via social engineering.
A different kind of social engineering has been used to convince several casinos to deliver cash to criminals. In those cases, scam artists targeted casino cashier employees, impersonating casino owners or executives. Human beings will always be the weak link in security systems of any kind.
The danger in paying off hackers is obvious, it encourages others to try their hand at digital extortion.
In retrospect, Caesars Entertainment appears to have done the best thing, if not the “right” thing. MGM Resorts may be fighting the good fight, but at what cost?
The post Caesars Entertainment Paid Millions to Hackers, Now Look Like Geniuses appeared first on Vital Vegas.