A teenage boy may be responsible for a ransomware attack that shut down MGM Resorts in Las Vegas last year. The West Midlands Police Department in England confirmed that they arrested an unidentified 17-year-old on Thursday from the town of Walsall who allegedly shut down the resort and casino on the Las Vegas strip last year.
The teenager was arrested on suspicion of blackmail and violating the UK’s Computer Misuse Act. He was released on bail, according to a statement from the police department.
Police officials tracked the teenage suspect as part of a joint investigation with the UK’s National Crime Agency and the FBI. The police department said they recovered evidence at the teenager’s address including “a number of digital devices which will undergo forensic examination.”
The statement also said the teenager was part of a “global cyber online crime group” but did not specify which group. The ALPHV/BlackCat ransomware group announced their responsibility for the MGM Resorts cyber outage. The attack happened on Sep. 12, 2023 allegedly with a simple 10 minute phone call to a Help desk employee using information obtained from LinkedIn. The group has also claimed responsibility for a similar ransomware attack on the beauty brand Esteé Lauder.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the organization wrote in a post on X.
MGM Resorts’ system shutdown lasted for nine days and created a massive outage across all of its casinos on the Las Vegas Strip. News later surfaced that other casinos like Caesars were also targeted by a different group but chose to pay the hackers tens of millions of dollars to prevent private company data from being released.
