Young Briton detained over MGM Resorts ransomware attack involvement

AndyC 24 July 2024

British authorities have apprehended a 17-year-old individual suspected to have connections with a cybercriminal syndicate responsible for launching destructive ransomware assaults on MGM Resorts and several other organizations in the preceding year.

British teen arrested in connection with MGM Resorts ransomware attack

British authorities have apprehended a 17-year-old individual suspected to have connections with a cybercriminal syndicate responsible for launching destructive ransomware assaults on MGM Resorts and several other organizations in the preceding year.

In September last year, the prominent hotel and casino chain MGM Resorts experienced a cyber incident causing guests to endure lengthy check-in queues, occupants facing difficulty accessing their rooms, disruptions in ATM services, and the shutdown of websites, TV channels, and telephone systems.

During that period, all of MGM’s Las Vegas resorts, including the Aria, Bellagio, Luxor, MGM Grand, and Mandalay Bay, were affected by the incident.

Certain individuals took to social media platforms to narrate their experiences of being at a halted casino due to hackers’ actions.

MGM Resorts resumed normal operations after a span of 10 days and later acknowledged that the hackers had managed to obtain personal data, such as names, contact details, gender, date of birth, along with official documents like driver’s licenses, passports, and even Social Security numbers, of several guests.

Investigations disclosed that the hackers had successfully manipulated MGM’s IT helpdesk, pretending to be a staff member locked out of their account during telephone conversations, thereby deceiving them into surrendering login credentials, which in turn facilitated the execution of the ransomware assault.

The financial impact on MGM Resorts has been officially estimated to exceed US $100 million.

The 17-year-old individual apprehended in Walsall, England, during a collaborative effort between West Midlands Police and the FBI, is suspected of affiliating with the cybercriminal faction termed “Scattered Spider” and was initially detained on allegations of blackmail and violations of the Computer Misuse Act, as per a report by the Regional Organized Crime Unit for the West Midlands (ROCUWM).

“This apprehension was made subsequent to an extensive investigation crossing international borders, including America. Our close collaboration with the National Crime Agency and FBI has been crucial,” stated Detective Inspector Hinesh Mehta, Manager of the Cyber Crime Unit at ROCUWM. “These cyber factions have launched ransomware attacks on prominent entities and have successfully targeted various victims worldwide, resulting in substantial financial losses. We want to convey a resolute message that we will track you down. It’s just not worth it.”

MGM Resorts has expressed gratitude to law enforcement for their efforts in identifying and detaining purported members of the group accountable for the cyber assault, emphasizing their stance of refusing to give in to ransom demands.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , ,

More Stories

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

AndyC 19 December 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

AndyC 19 December 2025
Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warns of actively exploited flaw in SMA 100 AMC

AndyC 18 December 2025

You may have missed

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

AndyC 19 December 2025
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

Risk Management in Banking: Leveraging AI and Advanced Analytics

AndyC 19 December 2025
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

AndyC 19 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

AndyC 19 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.