Picture this: Your IT infrastructure is breached by a nefarious actor, who then encrypts critical data and holds your organization hostage until a ransom is paid. Far from hypothetical, this is exactly what happened to multi-billion-dollar casino operator MGM Resorts International last week when hit with a ransomware attack – the latest in a string of large-scale, high-profile cyber security incidents.
The attack, which occurred on Sept. 10 and sent shockwaves throughout the company and around the world, caused disruptions across MGM’s computer systems and operations. It wreaked havoc on gaming machines, online room bookings, digital keys, card payments, and customer accounts. All told, the hackers claim to have stolen 6 terabytes of data from MGM and Caesars Entertainment, which also reported breaches, including the social security and driver’s license numbers of a significant number of casino loyalty program members.
In the aftermath, local law enforcement as well as the FBI were brought in to investigate and, while a ransom was demanded in exchange for restoring the data and systems, it remains unclear if MGM has agreed to pay up. The casino giant is reportedly collaborating with external experts to get operations and systems back online, which, over a week later, is still a work in progress. Yikes.
Now, here’s real the kicker: The entire breach unraveled over a simple 10-minute phone call.
According to both Yahoo News and Gizmodo, the hacker group known as ALPHV or BlackCat carried out the attack, bringing MGM to its knees using only social engineering, including information it found on LinkedIn and a well-placed call to the casino’s helpdesk.
“A company valued at $33.9 billion was defeated by a 10-minute conversation,” vx-underground, a well-known malware archiving organization, wrote on X (formerly Twitter).
Reckoning with Ransomware
Targeted ransomware attacks, like the one against MGM, continue to skyrocket around the world, striking a business or consumer every 11 seconds, according to Cybersecurity Ventures. By 2031, that rate is expected to increase to one attack every two seconds with global ransomware damages predicted to hit a staggering $265 billion. That amounts to nearly $245 billion lost over the next decade, an increase of 30 percent year over year.
At 11:11 Systems, we know that recovering from a data-compromising cyberattack requires planning, investment, capabilities, procedures, and more. We also understand how important it is for organizations to recognize the difference between traditional disaster recovery (in response to incidents such as hardware failure, wildfires, earthquakes, and other extreme weather conditions) and compromised data recovery (in the event of a cybersecurity incident).
We are here to help educate the market in understanding their own capabilities to get back to “business as usual” after an attack. An interruption to operations caused by a cyberattack can cost businesses an enormous amount both financially and reputationally.
In an interview with Las Vegas 8 News Now, Dante Orsini, chief strategy officer at 11:11 Systems, shared some valuable insights, namely, how organizations should respond and recover in the event of an attack.
“What we see most commonly these days are bad actors trying to infiltrate organizations, digging deep and wide into the system, encrypting data, and locking out parent companies,” Orsini said. “Right now, it’s all hands on deck [at MGM] to stabilize all those systems, find the best copy of the data, and restore business operations. Then they’ll go back and do the forensics process to figure out exactly how someone compromised their infrastructure.”
11:11 Systems Chief Strategy Officer Dante Orsini interviewed by local Las Vegas TV station
Ransomware: Response and Recovery
With both the frequency and sophistication of ransomware attacks on the rise, organizations must find ways to fortify themselves against such nightmare scenarios and significantly diminish their exposure to risk.
To navigate today’s landscape of heightened cyber threats, you must embrace a multi-disciplinary, multi-layered approach, marked by continuous diligence, comprehensive training, and strategic investments. In doing so, you’ll be prepared to minimize business interruptions in the face of a cyber event and shield your company from becoming the next alarming cyberattack headline.
In this article, Disaster Recovery Journal highlights a few simple, proactive measures any organization can take to fortify its defenses against cyber threats. For example:
- Secure access controls like the use of strong passwords and multi-factor authentication.
- Keep your software and hardware up to date.
- Thorough data security, backing up your data, storing it offline or in the cloud.
- Comprehensive employee training about phishing and other cyber threats.
- Constant vulnerability management using tools such as continuous risk scanning.
- Regularly tested incident response plans to understand and test plans to restore systems and data with business continuity being the primary objective.
- Robust network security with multi-layered tools like firewalls, antivirus software, and other managed security measures focused on event management and mitigation.
By following this guidance, you will quickly improve and fortify your organization’s cyber defenses. While robust security measures require upfront costs, these expenses are minimal compared to the potential damage to your organization’s data and reputation. Remember, cybersecurity is not solely an IT concern; it’s an organizational imperative. Taking proactive steps today can be the key to ensuring your company remains resilient and avoids becoming the next headline in the ransomware saga. Stay vigilant, stay secure, and protect what matters most – your organization’s future.
To dive deeper into 11:11’s suite of managed security solutions, and ransomware insights check out the resources below.