Ransomware is back in the restaurant news. MGM Resorts and Caesars were both ransomed recently, losing their operations systems’ availability. Vegas is not nearly as fun when your room key will not work; you cannot sit down for a great meal or enjoy the risk from the pull of a slot machine. All that is usually available in a city that doesn’t sleep was unavailable while the two firms dealt with the ransom.

While it is easy to dismiss an attack on a travel and hospitality behemoth as far removed from a smaller restaurant operation, any firm can be a target of cybercriminals. It goes without saying that a business that cannot operate is not as profitable as one that can. Ransomware attacks against restaurants, like this huge news event in Vegas, strike back-office operations, preventing business functions like general ledger, scheduling, menu management, reservations, etc. from functioning.

As of this writing, more is known about the MGM event. MGM was targeted by a cyber gang that reportedly used social engineering to access the company’s networks and deploy ransomware to encrypt their files.

Social engineering is a technique cybercriminals use to trick people into divulging sensitive information or performing actions that can compromise a system’s security. Social engineering attacks are a type of cyberattack that targets human weaknesses rather than exploiting software or hardware vulnerabilities.

Several years ago, a similar attack involved a cyber gang inducing employees to bring ransomware into restaurants with catering businesses. In this case, an employee responsible for sales was targeted with a menu document that had malware embedded into it. In many cases, IT defenses caught and blocked the email with the malignant menu. Unfortunately, a phone call to the salesperson from an attacker pretending to be a patron induced them to contact IT and clear the email for release. On that release, the ransomware process would begin.

In light of the recent MGM hack and similar attacks against the restaurant industry, knowing the best defenses against social engineering attacks is essential. Here are some ways to protect against social engineering attacks:

  1. Understand what you’re protecting: Determine what’s most valuable to your company and ensure the most critical systems, applications, and data are protected.
  1. Educate employees: Educate your employees on the types of attacks being used so that they can recognize and respond to them.
  1. Update software regularly: Keep your software up to date to ensure that vulnerabilities are patched. Many ransomware attacks leverage known weaknesses or vulnerabilities in the software used. Keeping systems up to date reduces risk.
  1. Implement multi-factor authentication: Multi-factor authentication can help prevent unauthorized access to sensitive information or critical systems and networks.
  1. Use anti-virus and anti-malware software: Anti-virus and anti-malware software can help detect and prevent attacks.
  1. Limit access: Place limits on each team member’s access to the system to control the damage that can be done if an attack is successful.
  1. Use encryption: Encrypt sensitive data to protect it from unauthorized access.
  1. Conduct regular security audits and assessments: Regular security audits can help identify vulnerabilities and prevent attacks.

Work with your insurance broker to ensure you have the proper cyber liability insurance coverage and coverage that insures against these attacks. Some attacks that we would consider to be cyber attacks are covered under crime policies. Some policies cover lost revenue, which is a certainty if your ability to operate is reduced or removed due to a ransomware event.

To discuss this information in more detail, please contact Doug Davidson or your GBQ advisor.


Article written by:
Doug Davidson
Director of Information Technology Services


« Back