After a lull in 2022, ransomware seems to be back on the rise according to the 2023 State of Ransomware Report by MalwareBytes, a global surge in ransomware attacks over the past year seem to largely target the United States, hacker groups appear to be exploiting zero day vulnerabilities to gain access to networks and deploy ransomware software. According to Wired, attacks have become more reckless employing “double extortion” tactics on large organizations, where cyber criminals not only encrypt sensitive information, but they also threaten to publish it on the dark web if the ransom is not paid in time.
The latest event to demonstrate these trends are the attacks on MGM and Caesars last month, the two of the largest casinos in the country. In addition to customer information being stolen at both companies, for MGM, hotel key cards were corrupted and slot machines went dark. Tony Anscombe, chief security official at cybersecurity company ESET, believes the invasions may have been a result of a ‘socially engineered attack,’
Hacking group Scattered Spider has claimed responsibility for the MGM incident, using ransomware as a service company ALPHV. Scattered Spider claims they found an employee’s info on Linkedin and called the MGM IT helpdesk to gain access to the employee’s credentials (known as Vishing). While ALPHV has denied certain aspects of the breach, they also took responsibility for providing the ransomware, alleging there was a ransom but MGM has yet to pay it.
As for Caesars, Scattered Spider denied responsibility for that attack even though the breaches happened within a week of each other and used the same social engineering techniques. The casino ended up paying millions of dollars to regain access to their information. Organizations who pay ransoms enable hackers to do this more in the future, which is why it should be all employees’ responsibility to recognize social engineering attempts to protect their organizations;