Las Vegas’s hottest new attraction is an interactive ransomware exhibit, currently playing out across every MGM property in the city. To experience what it’s like to gamble in a series of hacked casinos, I got on one of the first flights out of Los Angeles Saturday morning with the goal of figuring out not just how screwed up the casinos were, but also to witness the marvelous ability of the human species to adapt and cope with bizarre circumstances.
Last week, the ransomware gang ALPHV hacked Caesars and MGM, taking down multiple systems across the casino giants’ networks. Caesars folded quickly, and paid a $15 million ransom, helping return everything to normal for their customers. MGM, meanwhile, is refusing to pay, meaning that all sorts of things are broken at its 14 hotels and casinos in Vegas, including the Bellagio, Aria, MGM Grand, NoMad, and Mandalay Bay.
A statement on MGM’s website says: “Although the issue is affecting some of the Company’s systems, the vast majority of our property offerings currently remain operational, and we continue to welcome tens of thousands of guests each day. We are ready to welcome you.”
I wanted to see if it was actually the case that the “vast majority” of its offerings remained operational. Meanwhile, the hackers said in a statement on Friday that “if a deal is not reached, we shall carry out additional attacks,” and claim to still be inside MGM’s systems. I knew from videos posted to Twitter that some slot machines would be broken, that all elevators would be unlocked and able to travel to any floor (security guards are checking room keys before anyone can get on any elevator), that parking garages had lost the ability to charge people, that hotel check-in lines would be very long, and that certain casino operations would be cash only. What I wasn’t sure about was what this actually means for people trying to gamble and, more importantly, what it means for the workers whose jobs have suddenly become a lot more difficult.
In the time I was there, I gambled, walked around extensively, and casually spoke to visitors and casino employees about what was going on and how they were doing. The short answer is that all sorts of casino functions are fucked up in ways that are minor inconveniences for visitors but a nightmare for MGM casinos workers. Ironically, some of the systems that have been hacked and haven’t come back online are food ordering kiosk touchscreens that replaced human workers years ago. With those systems down, human workers had to step up to replace the automated systems in addition to their other duties, making it arduous and time consuming for customers to order food and giving workers only a couple working cash registers to take orders from.
Overall, six days in, the hack was still a big topic of conversation. People in every line I stood in and at every table I sat at were talking about the hack, and while I was there, Larry Flynt’s Hustler strip club began offering “free lap dances to those affected” by the hack. But the hack hasn’t prevented Vegas from being Vegas, and has sort of faded into the background amid all the city’s flashing lights. You can still gamble, drink, go to the pool, play slot machines, bet on sports, and scream at TVs. But if you are looking for things that have been fucked up by the hack, and I was, the evidence is everywhere.
This was a very quick trip—I was only in Vegas for five hours. When I landed, I took a cab directly to the MGM Grand, which I chose because I had been there before and because it is a famous MGM casino. I decided I would speed run through the hotel and casino on the way to the MGM-owned Aria, because I had seen a few videos of glitching slot machines shot there.
Soon after I walked into the MGM Grand, I felt the same sensory overload I normally do when I walk into a casino, and I thought everything was more-or-less normal. But I turned the corner and saw an entire section of mostly blacked-out slot machines, which were also fenced off. A curtain was shrouding off an area in the middle of the fenced-in section. “Out of Service. NO MSG 0001,” most of the slot machines said. “SECURITY GUARD TILT SSD APPROACH END-OF-LIFE DETECTED. Out of Service,” another one read.
I walked out onto the Strip, looked up, and saw a giant video billboard for the Aria. It was either suffering from the hack or in bad need of repair, because it was the only one I saw that had tons of flashing pixels, dead areas, and general software gore. Every few minutes, the bottom of the hundred-foot-high billboard would flash white while many of its pixels flashed a bunch of different colors over ads for sports betting, nightclubs, the MGM Rewards Card, and an America’s Got Talent performance. I encountered many broken escalators (though lots were working, too).
At the food courts of eight restaurants I went to, all ordering kiosks were broken. All of the kitchen management computer screens I saw behind the counters were on, but none of them were working. “Unable to connect to kitchen display service. Attempting to reconnect,” they said. A single establishment had a credit card processing machine and cash register. Two workers at that one restaurant were taking orders for all eight restaurants. After a customer ordered, another worker would grab a receipt and physically walk it to whatever restaurant the order was from. I watched the same worker walk back and forth over and over again, grabbing slips of paper from a cashier and walking them down the hall to give them to whatever kitchen needed them.
Receipts printed from the cash register said “OFFLINE” on them. I watched a cashier handwrite “smash burger” on a scrap of paper after I ordered it. At most establishments, I saw workers writing doing financial bookkeeping with pen and paper on printed out stacks of paper that listed the “Venue,” “Server Name,” “Date,” and then had a three-column table that said “Check #,” “Tip $,” and “Check Total.” Workers told me that they have to write every single transaction on these pieces of paper.
“It’s a whole lot of extra work we didn’t sign up for,” one bartender told me when I asked how the hack has changed things. “It’s been crazy but it’s just the technological world we live in these days. They just need to pay up so we can get back to normal,” referring to MGM needing to pay the ransom like Caesars did.
That bar had old school credit card processing transfer paper sitting behind the bar, just in case, but a worker told me they thankfully hadn’t had to process any credit cards by hand.
Two kitchen workers told me that they’ve never seen anything like this, but that for them specifically, the last week has been easy. “It’s been bad for business but not bad for me. We used to have orders coming constantly, from everywhere,” one said, referring to the various digital ordering kiosks in the dining room. “Now there’s only one place you can order and it’s for all the restaurants, so we’re barely getting any orders.”
“It’s like we’re back in the caveman days,” their colleague said. “But it’s OK, it’s OK.” Every worker I talked to said that the hack was “crazy” and had interrupted their processes. Other things were broken: Every parking payment machine I saw said “Out of Order” or had a curtain draped over it. Valet vehicle request kiosks at the Bellagio were broken.
Roughly a third of all slot machines I saw at three different MGM-owned casinos (MGM Grand, the Aria, the Bellagio) were fully out of order. But all slot machines, even the ones that are working, were affected by the hack in some way. The functioning ones are operating in some sort of offline mode. Normally, you can put money on a card, put that card into the slow machine, then cash out onto that card whenever you want. The players cards are not working at all, meaning that you put cash directly into the slot machines, and, when you want to cash out, you tap “cash out” and then you wait an indefinite amount of time for a casino employee to hand you cash at the machine itself.
After passing dozens of slot machines with a variety of error messages including “Cabinet Locked Locked by Host,” L55.J.16 No Signal,” “Audit Mode Out of Service,” “VALIDATION HOST NOT AVAILABLE Out of Service, “G2S Server Offline,” “Door Closed - Main,” “Call Attendant - Printer Paper Depleted,” “System is Offline or Unavailable,” “System offline,” “BILL VALIDATOR TILT BILL VALIDATOR TILT Out of Service,” “An error occurred during interrogation G2S Device Is Disabled (G2S_cabinet),” so on and so forth, I decided to finally play one.
At the first machine, I quickly lost $20. At another, I similarly quickly lost my money and decided to cash out before I lost more. “PLEASE WAIT, CALL ATTENDANT,” the buffalo-and-mountain-lion-themed machine stated on the screen. “$15.70 NOT IN USE.” I sat at the machine for 10 minutes, allowing the blaring music to wash over me. No one came, so I started anxiously looking around. I began talking to another patron, who said he had been waiting to cash out $93 for 30 minutes. “I heard there’s only one guy doing this,” he said. I briefly considered walking away and losing my $15.70, when a man wearing a suit, tie, and fanny pack and carrying a clipboard approached.
“How’s it going?,” I asked. “I’m so sorry,” I continued. “It’s been crazy,” he said. “I don’t even work in this department.” The man unzipped his fanny pack, which was full of money, and handed me $16. He wrote down our transaction in pen. I asked if he was the only person working on the floor. “Oh no, there’s a lot of us,” he said.
This process is terrible for the casino workers, who are the real victims here, but the long waits have seemingly led many customers to simply abandon their slot machines rather than cash out, which has the knock-on effect of rendering the machine temporarily unusable. I walked by dozens of machines that had a small amount of money “locked” in the machine waiting to be cashed out. Other people have been patiently waiting to cash out a few cents, according to local media.
There appeared, to my eye, to be no rhyme or reason why some slot machines were working and others were not. If four identical machines were connected next to each other, sometimes all four would be broken. Other times, only one would be broken. Sometimes each machine showed a different error message. There was no specific brand or type of game that seemed more likely to be broken than any other. Some penny slot machines were broken, while others were working. I walked through the high rollers slots section of the Aria, and some of the machines in there were broken, while others seemed to be working OK. (To compare, I briefly walked into the Cosmopolitan, casino that was bought by MGM last year but will not have all of its infrastructure transferred over to MGM’s systems until next year. Every single slot machine, ATM, and everything else was working. I did not see a single out-of-order machine while wandering past hundreds of them. The only thing that was broken was a kiosk for the BetMGM sportsbook.)
Back at the Aria, table games seemed to be working fine, more or less. No dealers I saw wanted to chit-chat, and I didn’t want to lose all my money.
I put $25 on black at roulette in the Aria and won, which was good. Video poker, video craps, and automated roulette machines all seemed to be broken. All of the little player stations for a wheel spin game called BIG SIX said “Station Locked! Locked - Online Link Down.” An automated roulette machine said “No BC Comms.” Lots of machines were simply turned off entirely. A video Blackjack game said “Terminal bloqueado.”
Many ATMs were working, but the first one I saw had a printed-out sign taped to it that read “NO CASH ADVANCES CAN BE PROCESSED AT THIS TIME. MGM GRAND MANAGEMENT.” Another ATM had red lights around its screen, which read “Kiosk Not Ready” and displayed a giant exclamation point. When I walked by it again a few minutes later, a sign that read “WE ARE CURRENTLY EXPERIENCING UNFORESEEN DIFFICULTIES, BUT ARE DILIGENTLY WORKING TO RESOLVE THIS AS SOON AS POSSIBLE THANK YOU FOR YOUR PATIENCE” had been placed directly in front of it in an attempt to block the error screen. Some ATMs were draped in cloth. Others had red error lights with the screens completely off.
While I was gambling, 404 Media’s Sam Cole texted me, letting me know that Vegas local media outlets were reporting that Larry Flynt’s Hustler Club was offering a deal for “those affected by this devastating event” in the form of free lap dances. Showing proof of a MGM hotel reservation at the club would allegedly get you a slew of other perks, including free airport pickup, luggage storage, and a free platinum VIP membership.
I wanted to see if anyone was actually taking advantage of the offer, and got in an Uber to the club around 2 p.m., about an hour before I had to be at the airport for my flight back to Los Angeles. The Uber driver immediately commented that it was a little “early” to be going to a strip club, and said that he would wait in the parking lot in case no one wanted to talk to me.
I got out of the car and walked up to the bouncer, who at first seemed confused why I was there. Then, he started laughing, because he realized that details of the offer had actually started making the rounds. He went to get a manager, who told me that the club was “absolutely” honoring the offer, which was indeed the idea of the club’s general manager, Brittany Rose. The manager declined to do a formal interview, but told me that two people had come in the night before to take advantage of the deal. When I asked him why they were doing the deal, he said that it was important “to come together as a city” to lift people up during hard times.
Both he and a few of the dancers I spoke to were thrilled that TMZ had just published an article about the deal for hacking victims. They said that the club itself would be paying workers for the lap dances, so they weren’t worried about the offer being free. It being 2 p.m., the club was mostly empty. None of the few customers had come from to take advantage of the MGM deal.
I had one beer at the bar, then decided it was time to go back home.
As of the time we’re publishing this, MGM has still not paid the ransom, and the issue still isn’t resolved. We’ve seen ransomware gangs hit local governments, hospitals, schools, law firms, and a host of other businesses, causing mass headaches, billions of dollars of damage, and, researchers think, several deaths at hospitals. But I’ve heard more people talking about “the MGM hack” and ransomware more broadly over the last week than I have for any other major hack of this kind, and I understand why. This is the first ransomware attack that I can think of that the public can actively, physically see and are invited to go see. Casinos are so incredibly profitable that, for MGM, the only way out seems to be by struggling through.