Too Rich to Ransomware? MGM Brushes Off $100M in Losses

  /     /     /  
Publicated : 23/11/2024   Category : security


Too Rich to Ransomware? MGM Brushes Off $100M in Losses


MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last months data breach.



Following Septembers ransomware attack on MGM Resorts, the hospitality and casino giant swiftly decided not to engage or negotiate with cybercriminals — and based on its most recent Securities and Exchange Commission (SEC) disclosure, the gamble paid off.
MGMs incident response strategy
was a sharp left turn from Caesars Entertainment, which after it was breached by the
same threat actors
, decided to pay a negotiated ransom of $15 million and move on. In the days following the
casino cyberattacks
, Caesars was back to day-to-day operations, while
MGM struggled to claw back operations
for more than a week.
In its revised
SEC disclosure
form 8-K, MGM reports it lost about $100 million as a result of the breach, which seems like a hefty price tag at first blush. However, the company noted that the losses will only slightly impact the companys third quarter financials, with minimal potential spillover into the fourth quarter. For comparisons sake,
MGM hauled in nearly $4 billion in revenue
in the second quarter of the year, across its global operations — and $2.1 billion in revenue from its Las Vegas properties alone.
The Company does not expect that it will have a material effect on its financial condition and results of operations for the year, MGM said. The casino juggernaut is already looking forward to November Formula 1 racing coming to the Vegas Strip, which it added will boost its fourth quarter earnings significantly.
Caesars, on the other hand, made the choice to pay, despite widespread guidance against meeting ransom demands.
Paying a ransom to cybercriminals does not guarantee a full return of an organizations systems and data, and only furthers the ransomware ecosystem, according to Anne Cutler, cybersecurity evangelist with Keeper Security. Although the $100 million in losses are costly on the surface, MGMs decision not to pay the ransom followed the course of action recommended by cybersecurity experts, government, and law enforcement.
The outcome makes a surprising business case for telling cybercriminals to pound sand following a ransomware attack.
Are some organizations just too rich to ransomware?
No company is too big to hack; the key issue is a business too resilient to hack, Viakoo CEO Bud Broomhead says. MGM may have invested heavily in backup and recovery, and may use this attack to learn where their weakness[es] are so next time they will be even more resilient to attack.
Cutler points out that for small- and midsize businesses, a ransomware attack could force them out of business entirely. Larger businesses are more financially equipped to absorb remediation costs.
But instead of gambling on whether to pay after a ransomware attack already happens, its smarter for businesses to continually invest in cybersecurity technology to keep up with evolving threat actors, according to Omri Weinberg, co-founder of DoControl.
No company will ever be fully bulletproof, and just like the casino, you need to bet where to invest the resources and funds into your cybersecurity practice, Weinberg says. Adversaries will always be more sophisticated with new technologies, and its a never-ending game.
Cybersecurity Kevlar aside, Broomhead commends MGMs incident response to the ransomware attack.
MGM deserves credit for not paying the ransom; hopefully their example will push more organizations to focus on resiliency and business continuity, Broomhead says. Its never a question of will you be hacked, just when youll be hacked and how prepared you are for it.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Too Rich to Ransomware? MGM Brushes Off $100M in Losses