MGM Resorts International said it is still trying to “normalize operations” at its Excalibur casino in Las Vegas after a widespread cyberattack.
On Monday, MGM confirmed that “certain systems” across its venues had been breached by hackers.
Today MGM, which operates 19 casinos across the US, insisted its gaming facilities “are open”.
However, the operator added: “our guests at Excalibur may continue to ask casino cashiers and slot guest representatives for assistance as we work to normalize operations.”
‘Operating normally’
“Our resort services, dining, entertainment, pools, and spas are operating normally and welcoming thousands of guests each day,” read the statement. “Our gaming floors, including slots, table games, and poker rooms are open.”
“Visitors to our properties may use Slot Dollars and FREEPLAY, and our slots are recording gaming spend. Our slot ticket-in/ticket-out systems are up and running.”
The operator added that its employees are on hand to “help guests with any intermittent issues.”
MGM did not specify how many casino floors are still being affected by the attack across its portfolio. Some other MGM systems appear to remain unavailable, such as online hotel reservations.
Reports last week stated that some customers were unable to make credit card transactions or withdraw money from ATMs. At the time, MGM said it could process such transactions but “certain transactions may be quicker to process with cash.”
The operator added: “ATM withdrawals with PINs currently are available. We are not offering cash advance or check cashing at this time.”
Ransomware
A hacker group called Scattered Spider, reportedly part of a ransomware collective, is claiming responsibility for the breach.
Scattered Spider said it launched ransomware attacks across MGM’s systems on September 11. The group also threatened further attacks on MGM’s infrastructure if MGM failed to meet payment demands.
If this is correct, MGM’s refusal to pay the ransom reportedly contrasts with Caesars Entertainment. The latter is said to have paid approximately $15m to the same group after it threatened to release sensitive customer data.
Caesars confirmed the security breach last week in a Securities and Exchange Commission filing.