A 17-year-old boy from Walsall, England, has been arrested in connection with the ransomware attack that incapacitated MGM Resorts in Las Vegas last year. The West Midlands Police confirmed the arrest on Thursday, revealing that the teenager is suspected of blackmail and breaching the UK’s Computer Misuse Act. After the arrest, the teenager was released on bail while investigations continued.
The arrest followed a collaborative effort between the UK’s National Crime Agency, the FBI, and local law enforcement. Police officials discovered multiple digital devices at the suspect’s home, which are now undergoing forensic analysis to gather further evidence related to the attack.
The teenage suspect is reportedly affiliated with a global cybercrime group, although the specific group has not been named. The ALPHV/BlackCat ransomware group claimed responsibility for the cyberattack on MGM Resorts, which occurred on September 12, 2023. The group’s method involved a seemingly straightforward approach: contacting a Help Desk employee using information gleaned from LinkedIn.
MGM Resorts experienced a significant operational disruption as a result of the attack, with its systems being shut down for nine days. This widespread outage affected all of its Las Vegas Strip casinos, highlighting the severity of the cyberattack.
In addition to MGM Resorts, it was revealed that another high-profile target, Caesars Entertainment, was also attacked by a different group. Caesars opted to pay tens of millions of dollars to the hackers to prevent the release of sensitive company data, showcasing the high stakes involved in such ransomware incidents.