Ransomware Pay Hit Record $1.1B in 2023, Hackers Hunted ‘Big Game’

Posted on: February 13, 2024, 08:10h. 

Last updated on: February 13, 2024, 11:55h.

Philip Conneller @casinoorgphilc Read More
Expertise: Gaming Business, Regulation, Tribal Gaming.

2023 was “a watershed year” for ransomware attacks, and one in which ransom payments almost doubled to a record $1.1 billion high. That’s according to a new report from Chainanalysis.

Ransomware, cyber crime, hackers, MGM, Caesars, Scattered Spider, big game hunting
The MGM Grand in Las Vegas, pictured above. The casino giant refused to pay the ransom that accompanied a September 2023 cyberattack, and the ensuing disruption caused an estimated $100 million in damage. (Image: CoStar)

The New York-based blockchain analysis firm noted that hackers are increasingly deploying a “big game hunting” strategy. That means going after global corporations, such as British Airways, and casino giants like MGM Resorts International and Caesars Entertainment, in search of bigger payloads.

Ransomware payment volume increasingly involved payments of $1 million or more, the report stated. Hospitals, schools, and government agencies were also frequently targeted.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022,” Chainanalysis researchers wrote.

Prime Target

The gambling industry has long been a target for ransomware attacks. But until the last decade, online gaming sites have been the most common prey for hackers. Sports betting and poker platforms are prime targets, because cybercriminals can easily gauge peak business hours, such as during a major sporting event or a flagship poker tournament series.

The criminals can then hit them with a distributed denial-of-service attack (DDoS), which temporarily paralyzes a website with thousands of meaningless requests for information. Often, it’s cheaper for the gambling site to simply pay the ransom and move on.

But land-based casino operators are now increasingly targeted, and that includes the biggest players in the industry.

Scattered Spider

In September 2023, a hacking group known variously as “Scattered Spider” or “Octo Tempest” launched devastating ransomware attacks on MGM and Caesars.

MGM refused to pay the ransom and experienced disruption to its operations that lasted for days and caused an estimated $100 million in damage. Caesars paid the hackers around $15 million to have normal services restored, according to The Wall Street Journal.

Scattered Spider is an amorphous group of hackers that engages in various crimes, from ransomware to sextortion and phone scams. But the group has recently turned to “big game hunting.”

Scattered Spider is notable because its members are mainly English-speaking. High-profile cybercrime has traditionally been the domain of East European criminal gangs or state-sponsored hackers backed by China, Iran, or North Korea. This shows how threats are diversifying.

FBI Takedown

But the report also praises the progress made by law enforcement in combating ransomware attacks. This included the FBI’s infiltration of the group known as “Hive” in 2022, which the report suggests contributed to a significant reduction in attacks that year.

The federal agency was able to provide decryption keys to more than 1,300 of Hive’s victims, essentially preventing the need for ransom payments. This intervention prevented approximately $130 million in ransomware payments in 2022.