Caesars paid millions in ransom to cybercrime group prior to MGM hack

Must read

‘Oppenheimer’ steamrolls toward Oscars with Screen Actors Guild Award wins

Oppenheimer film billboard in Times Square, NYC on July 29th, 2023.Adam Jeffery | CNBCHistorical epic "Oppenheimer" picked up more prizes on Saturday at Hollywood's...

Smartphone giants like Samsung are going to talk up ‘AI phones’ this year — here’s what that means

Samsung Electronics Co. Galaxy S24 smartphones during a media preview event in Seoul, South Korea, on Monday, Jan. 15, 2024. Samsung, the world's most...

House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan

Elon Musk, CEO of Tesla and X, speaks at the Atreju political convention organized by Fratelli d'Italia (Brothers of Italy), in Rome, Dec. 15,...

U.S. and British strikes on Houthi sites in Yemen answer militants’ surge in Red Sea attacks on ships

The U.S. and Britain struck 18 Houthi targets in Yemen on Saturday, answering a recent surge in attacks by the Iran-backed militia group on...

The exterior of Caesars Palace Hotel and Casino in Las Vegas, May 29, 2017.

George Rose | Getty Images

Days before MGM’s computer systems were taken down in a cyberattack, casino operator Caesars paid out a ransom worth $15 million to a cybercrime group that managed to infiltrate and disrupt its systems, sources familiar with the matter told CNBC.

The cybercrime group has made a ransom demand to MGM as well, those sources told CNBC’s Contessa Brewer.

There have now been two highly disruptive attacks on the gaming industry in a matter of weeks. Caesars reported its incident in a U.S. Securities and Exchange Commission filing Thursday morning. The 8-K report, similar to one filed by MGM Resorts on Wednesday, acknowledges the hack as a material event.

The cybercrime group demanded a $30 million ransom from Caesars, but the company ultimately agreed to pay about half that, sources said. The costs will be partially mitigated by Caesars’ cyber insurance policies.

But Caesars does not anticipate the ransom payment or fallout will have a material effect on the company’s bottom line, according to the filing.

“Although members of the group may be less experienced and younger than many of the established multifaceted extortion and ransomware groups, they are a serious threat to large companies in the United States,” Charles Carmakal, chief technology officer at Google Cloud’s Mandiant, told CNBC. “Many members are native English speakers and are incredibly effective social engineers.”

Bloomberg previously reported the ransom and that the same group is behind the attacks on both companies. The group, known as UNC3944 or Roasted 0ktapus, was also linked to the MGM attack by vx-underground, a widely followed cybersecurity researcher on X, formerly known as Twitter. Security researchers have connected the group to attacks on other companies, including Cloudflare, Okta and Twilio.

SEC rules require that companies file reports within four days of a “material” event. It wasn’t immediately clear why Caesars delayed filing the report disclosing the hack and ransom for weeks. The SEC pushed to introduce a new cybersecurity disclosure rule earlier this year, requiring that companies file an 8-K report disclosing the nature of a cyberattack and the effect on its business. That new rule kicks in by year-end.

More articles

Latest article

‘Oppenheimer’ steamrolls toward Oscars with Screen Actors Guild Award wins

Oppenheimer film billboard in Times Square, NYC on July 29th, 2023.Adam Jeffery | CNBCHistorical epic "Oppenheimer" picked up more prizes on Saturday at Hollywood's...

Smartphone giants like Samsung are going to talk up ‘AI phones’ this year — here’s what that means

Samsung Electronics Co. Galaxy S24 smartphones during a media preview event in Seoul, South Korea, on Monday, Jan. 15, 2024. Samsung, the world's most...

House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan

Elon Musk, CEO of Tesla and X, speaks at the Atreju political convention organized by Fratelli d'Italia (Brothers of Italy), in Rome, Dec. 15,...

U.S. and British strikes on Houthi sites in Yemen answer militants’ surge in Red Sea attacks on ships

The U.S. and Britain struck 18 Houthi targets in Yemen on Saturday, answering a recent surge in attacks by the Iran-backed militia group on...

Broadcom reportedly nears $3.8 billion sale of remote access unit to KKR

A sign on the campus offices of chipmaker Broadcom is shown in Irvine, California.Mike Blake | ReutersChipmaker Broadcom is nearing a $3.8 billion deal...