Attacks on Casino Giants Heralds Resurgence in Ransomware Demands
Cyberattacks on MGM Resorts International and Caesars Entertainment last week show that ransomware gangs continue to be a major threat and are using more sophisticated strategies to break into private computer networks.
GuyCarpenter reported Wednesday that a cybercrime group called Scattered Spider, an affiliate of the ALPHV ransomware group, used social engineering techniques to gain entry. In the past, Scattered Spider has impersonated information technology personnel to persuade credentialed employees to gain access by running remote monitoring and other tools, GuyCarpenter said. The cybergangs “leveraged” information from LinkedIn for the ruse, the report says.
Scattered Spider also attacked Caesars Entertainment, which, like MGM, operates Las Vegas casinos. CNBC, citing anonymous sources, reported that the hackers demanded $30 million in ransom from Caesars, but the company negotiated that down to a $15 million payment.
Reuters, citing identity management company Okta, reported that the same groups that hacked MGM and Caesars also broke into the computer systems of three other companies in manufacturing, retail and technology. The news service reported that MGM said its hotels and casinos were back to normal operations on Wednesday, but it was working to resolve issues at its luxury Excalibur hotel and casino in Las Vegas.
GuyCarpenter said the attacks show ransomware is still a major peril for insurers and insureds even after cyber insurers responded to a wave attacks in 2019 by increasing rates by an average of 183% since 2020. Losses from the MGM and Caesars attacks could prompt insurers to take a more cautious approach toward pricing and terms, the report says.
GuyCarpenter said insurers should not make the mistake of categorizing the MGM and Caesars hacks as a single event.
“Unlike systemic ransomware attacks where a self-propagating malicious code spreads across networks, the Vegas attacks involved, through individual targeted reconnaissance efforts, the compromise of separate systems owned and controlled by different entities,” the report says. “However, for insurers seeking to address portfolio volatility, losses from the MGM and Caesars claims should be considered holistically to address overall aggregation risk.”
In a separate report, cyber insurer Coalition said it experienced a 27% increase in ransomware claims frequency during the first half of 2023, compared to the second half of 2022. Coalition said ransomware attacks ransomware attacks had been ticking down in the previous 18 months before surging again in 2023.
Along with the increase in frequency, claim severity jumped 61% in the first half of the year, reaching a record high average payment of $365,113, Coalition said. The insurer said the average ransomware demand was $1.62 million, but it was able to negotiate the amounts paid down to an average of 44% of the initial demand. The company said 36% of its policyholders chose to pay ransoms.
“The cyber threat landscape has become more volatile, and, as a result, we’ve seen claims become more severe and more common than ever,” stated Chris Hendricks, head of Coalition Incident Response. “To help prevent these costly and disruptive incidents, organizations need to take an active role in improving their security defenses and make risk management a top priority.”