Ransomware Hackers Pull Off Another Casino Heist Making Away With Millions Of Dollars

Caesars Palace from across the water.
Caesars Entertainment Inc. has paid off a $15 million ransom held by a hacker group to prevent sensitive client data from being sold on the dark web. The casino group was hacked a few weeks ago and is seemingly working hard to mitigate the problem.

In an SEC (Securities and Exchange Commission) filing, Caesar Entertainment officially disclosed a cyberattack that penetrated its database and that an "unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database". The hackers thus demanded $30 million from Caesars, otherwise the stolen information would be sold online.

The "unauthorized actor" in question is suspected to be a hacker group called Scattered Spider (a.k.a. UNC 3944). Its members are mostly based in the US and UK, comprised of young adults, some reported as young as 19 years old. In this case, the group began the attack last month (reported around August 27), though not at Caesars right away but through an outside IT vendor. Utilizing social engineering manipulation, the hackers were then able to breach Caesars' systems. 

According to the regulatory report, the stolen client data didn't seem to include any member passwords or PINs, bank account information, or credit card information. Nonetheless, to placate the matter, Caesars has paid the hacker group $15 million in hopes of closing at least that part of this debacle. Caesars has taken steps to ensure that the stolen data is deleted by the unauthorized actor, although it also stresses that it still cannot guarantee that the stolen data won't be used. In the meantime, if you're a Caesar loyalty member, the company is offering credit monitoring and identity theft services.

This attack is alarming in that the disclosure comes after another incident with MGM Resorts International earlier this week, and likely exposes specific vulnerabilities common within hospitality businesses.