This afternoon the operator of the ALPHV / BlackCat ransomware group posted a long, rambling update on the MGM ransomware attack. Similar to many of these ransomware manifestos this one is self-indulgent and full of faux indignation. This, of course, completely ignores the fact that they are the criminals here, they broke into the networks, stole data, locked systems and are threatening to leak sensitive data unless MGM pays their extortion demands.

It starts right from the beginning:

We have made multiple attempts to reach out to MGM Resorts International, "MGM". As reported, MGM shutdown computers inside their network as a response to us. We intend to set the record straight.

Are you upset that MGM didn’t want to talk to criminals? No one owes your criminal-ass a response.

After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident.

Again, they are upset that the incident responders didn’t want to talk to criminals. What were you going to do if they got in touch with you? Go home, quietly? Stop the attack? These were people trying to defend their network, they didn’t have the time to deal with scumbags like you.

The user has consistently been coming into the chat room every several hours, remaining for a few hours, and then leaving. About seven hours ago, we informed the chat user that if they do not respond by 11:59 PM Eastern Standard Time, we will post a statement. Even after the deadline passed, they continued to visit without responding. We are unsure if this activity is automated but would likely assume it is a human checking it.

Again, no one owes you a response, no matter what arbitrary deadline you set. Also, you don’t like it when someone intrudes onto your infrastructure and lurks around doing who knows what? Maybe you should secure your infrastructure better.

We are unable to reveal if PII information has been exfiltrated at this time. If we are unable to reach an agreement with MGM and we are able to establish that there is PII information contained in the exfiltrated data, we will take the first steps of notifying Troy Hunt from HaveIBeenPwned.com. He is free to disclose it in a responsible manner if he so chooses.

Reach an agreement? You mean extort. You are criminals, you don’t reach agreements, you extort victims.

We believe MGM will not agree to a deal with us. Simply observe their insider trading behavior. You believe that this company is concerned for your privacy and well-being while visiting one of their resorts?

Again, it is not a deal. You are extortionists, you extort victims you don’t “make deals.”

We recognize that MGM is mistreating the hotel's customers and really regret that it has taken them five years to get their act together. Other lodging options, including casinos, are undoubtedly open and happy to assist you.

Victim blaming is also a common tactic among ransomware groups. MGM is not mistreating their customers, you are disrupting their infrastructure, and disruption to their customers is entirely YOUR FAULT. This is like a bank robber complaining that a bank couldn’t service customers while everyone in the bank was being held at gun point. It is ridiculous on its face.

We still continue to have access to some of MGM's infrastructure. If a deal is not reached, we shall carry out additional attacks. We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us.

MGM has proved they “grew a pair” by not talking to you and not negotiating with criminal scumbags like yourselves. And once again, IT IS NOT A DEAL, you are criminal scumbags and you need to accept that good organizations don’t want to deal with you.