Over the past week, major casino and hotel brands Caesars Entertainment and MGM responded to 2 major ransomware attacks. The two attacks played out differently, but the end result for both organizations was about the same: a major loss in revenue and the need to upgrade their cybersecurity infrastructure.

How Did These Cyberattacks Occur, and What Did Each Organization Do About Them?

The cyberattacks carried out on both Caesars and MGM were ransomware attacks.

Ransomware operates on a simple yet effective principle: it locks away critical files or entire systems, holding them hostage until a ransom is paid. The attackers often demand payment in cryptocurrency, providing a veil of anonymity that makes tracking them down difficult.

Common Attack Vectors include:

  1. Phishing Emails: Attackers frequently use deceptive emails to distribute ransomware. These emails may contain malicious attachments or links that, when clicked, initiate the download of the ransomware onto the victim's system.
  2. Malicious Websites: Visiting compromised or fake websites can trigger a drive-by download, where malware is automatically downloaded and installed without the user's consent.
  3. Exploiting Vulnerabilities: Outdated software, especially operating systems and applications, can contain known vulnerabilities that attackers exploit to gain unauthorized access.
  4. Malvertising: Cybercriminals use online advertisements to distribute malware. Clicking on an infected ad can lead to ransomware infection.

Caesars Entertainment reported being hit with a ransomware attack demanding payment of $30 million; however, they admitted to paying only half that amount, $15 million, to the hackers. Caesars' operations continue to work, and they reportedly got their critical IT infrastructure back online.

Although Caesars didn't suffer any critical outage, the problem with paying part or even all of a ransom demand is that you are trusting a criminal organization not to turn over the data they stole to the highest bidder. Even after the ransom is paid, the attackers may still decide not to unlock your systems, or may cause further damage.

It may even be illegal to pay a ransom to a hacking collective which may be part of a sanctioned state or party, such as Iran or North Korea.

In the case of MGM properties, they decided not to pay the hacking group's demands, which resulted in an unprecedented shutdown of major systems at a multitude of MGM hotels and casinos across the country.

Guests reportedly could not check into their hotels, gaming platforms and machines were rendered completely offline, and hotel guests even reported that they could not use their room keys to get into their rooms.

Furthermore, the hackers reportedly stole personal information from guests who had signed up for Rewards Club memberships for both Caesars and MGM, which could be sold and used for several illicit purposes.

What Steps Can You Take to Protect Yourself From Ransomware?

Regular Backups: Maintain up-to-date backups of all critical data on an external drive or a secure cloud service. This ensures that you can recover your files without succumbing to the attacker's demands.

Install and Update Security Software: Use reputable antivirus and anti-malware software to detect and prevent ransomware attacks. Keep these programs updated to ensure they can defend against the latest threats.

Educate Yourself and Your Team: Recognizing phishing emails and suspicious websites is crucial. Educate yourself and your colleagues about the signs of phishing attempts to prevent falling victim to them.

Patch and Update Regularly: Keep your operating system, applications, and plugins updated. Cybercriminals often exploit known vulnerabilities, so timely updates can thwart their attempts.

Firewalls and Intrusion Detection Systems (IDS): Implement a robust firewall and IDS to monitor incoming and outgoing network traffic, identifying and blocking suspicious activities.

Restrict User Privileges: Limit user privileges to essential functions. This reduces the likelihood of malware gaining administrative access and wreaking havoc on your system.

Use Email Filtering: Employ email filtering tools that can identify and quarantine suspicious emails before they reach your inbox.

Implement Multi-Factor Authentication (MFA): Require multiple forms of authentication to access sensitive accounts or systems. This extra layer of security can deter attackers even if they have obtained login credentials.

Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration tests to identify vulnerabilities and address them proactively.

Working with a cybersecurity expert like Natural Networks can help you see all possible attack vectors and achieve IT peace of mind. If you're interested in learning more about working with Natural Networks to keep your data and IT safe, give us a call today!