British youth apprehended regarding MGM Resorts ransomware incident

AndyC 24 July 2024

Law enforcement in Britain have taken into custody a 17-year-old teenager suspected to be affiliated with a cybercrime syndicate that carried out severe ransomware attacks last year on MGM Resorts and various other corporations.

British teen arrested in connection with MGM Resorts ransomware attack

Law enforcement in Britain have taken into custody a 17-year-old teenager suspected to be affiliated with a cybercrime syndicate that carried out severe ransomware attacks last year on MGM Resorts and various other corporations.

In September last year, the large hotel and casino chain MGM Resorts suffered a cyber assault that led to guests waiting for extensive periods to check in, residents facing difficulties entering their rooms, ATM services being disrupted, and the shutdown of websites, TV services, and telephone communication.

During that period, all MGM Resorts properties in Las Vegas, including the Aria, the Bellagio, Luxor, MGM Grand, and Mandalay Bay, were affected by the incident.

A number of individuals took to social media to share their experiences of being at a casino that had been brought to a halt by malicious hackers.

It was only after 10 days that MGM Resorts announced it had returned to “normal operations,” and subsequently conceded that the hackers managed to obtain personal data, including names, contact information, gender, date of birth, driver’s license and passport details, and even Social Security numbers, of certain guests.

It later came to light that the hackers manipulated MGM’s IT helpdesk, posing as an employee locked out of their account over the phone, and duped staff into divulging login credentials which enabled them to execute the ransomware scheme.

The financial toll on MGM Resorts has been estimated to exceed US $100 million.

The 17-year-old individual detained in Walsall, England, last week in a coordinated effort by West Midlands Police and the FBI, is suspected to be part of the “Scattered Spider” cybercrime faction and was initially apprehended on suspicion of extortion and offenses under the Computer Misuse Act, as stated in a press release from the Regional Organised Crime Unit for the West Midlands (ROCUWM).

“This arrest follows a sophisticated inquiry that extends to the United States. We have collaborated closely with the National Crime Agency and FBI,” stated Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager at ROCUWM. “These cyber factions have targeted prominent entities with ransomware, successfully victimizing numerous individuals globally and extorting large sums of money. We aim to convey a strong message that we will apprehend you. The risks outweigh the benefits.”

MGM Resorts has expressed gratitude to law enforcement agencies for their efforts in apprehending and tracking down the alleged perpetrators of the attack, emphasizing that they did not comply with the ransom demands.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , ,

More Stories

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

AndyC 19 December 2025

You may have missed

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
What is Spoofing and a Spoofing Attack? Types & Prevention

How should Your Business Deal with Email Impersonation Attacks in 2025?

AndyC 20 December 2025
What is Spoofing and a Spoofing Attack? Types & Prevention

Best Vulnerability Scanning Tool for 2026- Top 10 List

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.