Days before computer systems were , casino operator paid out a ransom worth $15 million to a cybercrime group that managed to infiltrate and disrupt its systems, sources familiar with the matter told CNBC.
The cybercrime group has made a ransom demand to MGM as well, those sources told CNBC's Contessa Brewer.
There have now been two highly disruptive attacks on the gaming industry in a matter of weeks. Caesars in a U.S. Securities and Exchange Commission filing Thursday morning. The 8-K report, similar to one Wednesday, acknowledges the hack as a material event.
The cybercrime group demanded a $30 million ransom from Caesars, but the company ultimately agreed to pay about half that, sources said. The costs will be partially mitigated by Caesars' cyber insurance policies.
But Caesars does not anticipate the ransom payment or fallout will have a material effect on the company's bottom line, according to the filing.
"Although members of the group may be less experienced and younger than many of the established multifaceted extortion and ransomware groups, they are a serious threat to large companies in the United States," Charles Carmakal, chief technology officer at Cloud's Mandiant, told CNBC. "Many members are native English speakers and are incredibly effective social engineers."
Bloomberg the ransom and that the same group is behind the attacks on both companies. The group, known as UNC3944 or Roasted 0ktapus, was also linked to the MGM attack , a widely followed cybersecurity researcher on X, formerly known as Twitter. have the group to attacks on other companies, including , and .
SEC rules require that companies file reports within four days of a "material" event. It wasn't immediately clear why Caesars delayed filing the report disclosing the hack and ransom for weeks. The SEC pushed to introduce a new cybersecurity disclosure rule earlier this year, requiring that companies file an 8-K report disclosing the nature of a cyberattack and the effect on its business. That new rule kicks in by year-end.