Hotel booking systems and casino slot machines at one of America’s biggest hospitality firms remain paralysed three days after it first acknowledged a significant cyberattack.
MGM Resorts has seen its share price decline by more than 6% and the incident is being investigated by the FBI.
The $14bn (£11.2bn) company operates hotel and gaming venues around the world, notably in Las Vegas.
The MGM Resorts website says it is currently unavailable
Pictures posted on social media this week have shown slot machines at its casinos not working, while restaurant reservation and hotel booking systems remain offline.
There have also been problems with guests’ digital room keys and the firm’s corporate email address.
Credit rating agency Moody’s has warned the attack highlighted “key risks” within the company, which fell victim to another attack in 2020 that saw the personal information of 10 million customers end up on a hacking forum.
MGM has acknowledged this week’s cyber incident could have a “material effect” on its operations, according to a report filed with the US Securities and Exchange Commission.
The FBI has not elaborated on its own investigation, but two sources familiar with the matter told Reuters that a hacking group named Scattered Spider was behind the attack.
It was identified by analysts last year, having been found to target other businesses.
Charles Carmakal, chief technology officer at Mandiant Intelligence, described the hackers as “one of the most prevalent and threat actors impacting organisations in the US today”.
Bloomberg reported another entertainment firm, Caesars, has been hit by the same group.
British schools warned of cyberattack threat
How FBI and NCA broke notorious cybercrime network
The company’s Grand hotel in Las Vegas
‘We will likely see copycats’
The MGM incident is strongly suspected to be a ransomware attack, whereby hackers breach someone’s device or computer systems; prevent the owner from accessing them; and demand payment in exchange for decryption.
Experts said casinos are prime targets and should be on high alert.
Allan Liska, intelligence analyst at security firm Recorded Future, said: “Casinos around the world should be on heightened alert because ransomware groups love it when they get this kind of attention.
“We will likely see copycats.”
MGM has said its own investigation into the incident is ongoing.
Its website is still down.