Native Tribal Casinos Pay Millions In Ransoms

by | November 8, 2021 | Cybersecurity News

FBI warns of a substantial spike in ransomware attacks targeting tribal casinos across the U.S.

Cybercrooks Squeezing Millions Out Tribal Casinos

Just over the past few months, ransomware gangs have made millions of dollars off cyberattacks on native tribal casinos in the U.S.

According to a new Bleeping Computer report, the Federal Bureau of Investigation (FBI) cybercrime team issued a notification saying that ransomware operators have been targeting tribal casinos since 2016, but a recent spike has experts concerned.

The FBI identified infamous ransomware gangs, such as Bitpaymer, Conti, Cuba, REvil, Ryuk, and Snatch, which have launched devastating attacks on casinos, shutting down operations and stealing information.

The notification also wrote that the cybercriminal groups targeted tribes banking on the presumption that they lack robust cybersecurity infrastructure.

Serious Breaches

Several notable incidents were made public. For example, ransomware attacks forced six Lucky Star casinos belonging to the Cheyenne and Arapaho tribes to shut down entirely in July. According to the Tribal Business News, in another incident that took place in May, the Seminole Nation’s casino in Oklahoma was breached.

Last year, two Idaho-based Nez Perce Tribe casinos were attacked and forced to shut down, along with the Clearwater River Casino & Lodge in Lewiston and the Ye-Ye Casino in Kamaiah, according to the news.

The FBI’s new alert hints at expecting more of these ransomware attacks on casinos to happen.

Funding For Tribal Cybersecurity

Authorities have made legislative efforts to get funding to native tribes to improve their networks’ security as a matter of national security, including last summer’s introduced State and Local Cybersecurity Improvement Act and provisions included in the hotly debated bipartisan infrastructure bill languishing in Congress which proposes a $500 billion investment in municipalities and tribal communities.

This year’s massive ransom payments make the need for better cybersecurity even more urgent.

ThyoticCentrify conducted a survey of 300 IT decision-makers and found 64 percent of respondents had fallen victim to a ransomware attack, and 83 percent of those reported paying the solicited ransoms to recover data and restore operations. On a happier note, 93 percent of respondents said they plan to invest more money in implementing better ransomware prevention measures in their companies.

“The odds of your organization experiencing a ransomware attack are growing every day. This new research report from ThycoticCentrify reveals two out of three companies surveyed were victims of a cyberattack in the last 12 months—and more than four out of five felt they had no choice but to pay the ransom demands,” Thycotic’s report wrote.

Right on the heels of last summer’s attack on the chain of Arapahoe and Cherokee casinos, Tribal Governor Reggie Wassana said that the tribes vehemently refused and will continue to refuse to pay up to cybercrooks.

“Let me be clear: this was a terrorist attack, and we did not negotiate nor surrender,” Wassana wrote in a June 22 statement to the Tribal Business News. “These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes.”

Most ransomware attacks start with phishing emails.

To prevent such costly incidents from happening, implement security awareness training in your company.

Over one billion phishing emails are sent out each day, and many of them bypass security filters. Thus, you need to be able to rely on your employees to stay vigilant and spot phishing scams.

You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.

Researching the latest phishing trends and strategies and adequately training your employees can be a hassle, so leave it to professionals.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Tribal casinos were hit with massive ransomware attacks, confirming the need for better cybersecurity awareness training.


Threatpost Native Tribal Casinos Taking Millions in Ransomware Losses

Bleeping Computer FBI: Ransomware gangs hit several tribal-owned casinos in the last year


Photo by Benoit Dare on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.