A teenage boy from Walsall, England, has been arrested by the West Midlands Police Department in connection with a ransomware attack that disrupted MGM Resorts in Las Vegas last year.
The 17-year-old, whose identity remains undisclosed, is suspected of being behind the cyberattack that temporarily shut down the major resort and casino. Following his arrest on charges of blackmail and violating the UK’s Computer Misuse Act, he was released on bail.
The arrest was part of a collaborative investigation involving the UK’s National Crime Agency and the FBI. Authorities recovered various digital devices from the teenager’s residence, which are now undergoing forensic examination. This joint effort highlights the international cooperation required to tackle cybercrime that crosses borders.
The police statement also indicated that the teenager was a member of a “global cyber online crime group,” without naming the specific group. However, the ALPHV/BlackCat ransomware group has publicly claimed responsibility for the MGM Resorts cyberattack.
According to the group, the breach was accomplished with a straightforward 10-minute phone call to a Help Desk employee, leveraging information sourced from LinkedIn. The same group also claimed responsibility for a similar attack on the beauty company Esteé Lauder.
The ransomware attack on MGM Resorts led to a nine-day system shutdown, severely impacting operations across all its casinos on the Las Vegas Strip. This incident underscores the vulnerability of even well-protected organizations to social engineering tactics.
The situation further gained attention when it was revealed that Caesars, another casino operator, had been targeted by a different group and opted to pay a substantial ransom to avoid data exposure.
These events highlight the significant threat posed by cybercrime groups and the complex challenges faced by law enforcement in combating such activities.
The arrest of the teenage suspect is a step forward in addressing these cyber threats, but it also raises concerns about the sophistication and reach of such criminal organizations, as well as the ease with which they can exploit human and digital weaknesses.