The recent ransomware attack on MGM Resort International cost the hotel and casino company $100 million overall from operational disruptions, according to its latest filing with the US Securities and Exchange Commission (SEC).\n\nMGM was attacked by ALPHR (aka BlackCat), a ransomware group widely thought to have links to the Russian government. MGM declined to pay the ransom requested by the attackers, relying on cybersecurity insurance to cover the costs of the attack's impact, and quickly moved to shut down operational systems in the wake of the attack \u2014 a move criticized by the attackers themselves.\n\n\u201cThe Company estimates a negative impact from the cyber security issue in September of approximately $100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations, collectively,\u201d said MGM in the SEC filing. EBITDAR is a term used denote earnings before interest, taxes and certain expenses.\n\nThough the company reports that the attack has been contained and no further data will be lost, the impact of the incident appears to be far greater than most. "The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years," according to IBM's Cost of a Data Breach Report 2023.\n\nMGM is optimistic despite losses\n\nMGM said in the SEC filing that despite the large loss, it believes the incident might not have any material effect on its financial condition and results of operations for the year. \u201cWhile the Company experienced impacts to occupancy due to the availability of bookings through the Company\u2019s website and mobile applications, it was mostly contained to the month of September," MGM said.\n\nWhile MGM said it is confident that its cybersecurity insurance will be sufficient to cover the financial impact so far from the incident, the full scope of the costs and related impact of the attack remains yet to be determined.\n\nBased on the company\u2019s ongoing investigation, third-party activity within MGM systems has been contained but personal information of several customers (transacting with MGM prior to 2019) were obtained by the attackers. The personal information included name, contact details, gender, date of birth, and driver\u2019s license number, MGM said.\n\nRansomware is top cyberattack type\n\nRansomware remained the top type of cyberattack in September, with at least five big-ticket attacks, according to a study by cybersecurity company Cyfirma. Other than MGM, the top victims in September included the Save the Children global nonprofit organization, \u00a0Auckland University in New Zealand, the Canadian healthcare network BORN, and the Johnson Group marketing firm.\n\nEach of the attacks resulted in the loss of several gigabytes, up to terabytes, of customer or stakeholder data, Cyfirma said. Manufacturing and real estate were the top-hit sectors for the month, and the US was the region most impacted by ransomware attacks. \u00a0\n\nThe busiest ransomware groups for the month included BlackCat (ALPHV), Cuba, and Mimic (FreeWorld variant) with notable entrants including 3AM Ransomware, LostTrust, and CryptBB.\n\nThe impact of ransomware is not likely to diminish. "The ransomware economy has become incredibly lucrative as these cybercriminal groups have become highly organized and systematic," said Cyfirma CEO Kumar Ritesh, in an email response to questions abut the MGM attack. Part of the issue is the backing of nation-state actors.\n\n"Ransomware attacks have also been used to advance geopolitical interests and with strong backing by nation states, these attacks will certainly escalate in the near term," Ritesh said. However, impacted companies should not pay ransomware, he warned.\n\n "The proliferation of attacks are driven mostly by financial gains and this means victims are actually paying the ransom. This is not something we\u2019d recommend given that this would spur more attacks, embolden the hackers and continue to attract more people into the trade," Ritesh said.