The Federal Bureau of Investigation is looking into cyber-attacks at tribal casinos in Oklahoma and Wisconsin. Many of the casinos involved shut down after the attacks and some remain closed. Officials stated there’s no indication the incidents were related; they didn’t say what the hackers demanded or if any demands were met.
The Cheyenne and Arapaho Tribes of Oklahoma’s six Lucky Star Casinos shut down on June 18 after a cyberattack infiltrated the venues’ information technology networks.
The Lucky Star in Concho reopened June 24, but it’s not known when the other casinos in Clinton, Canton and Watonga will resume business. The gaming parlor inside the Concho travel center reopened June 27, but the Hammon location remains closed.
Lucky Star said its casinos are among many businesses and government agencies breached by ransomware. In a statement, officials said confidentiality and data security are a top priority. As soon as online systems went down, they added, the FBI and federal law enforcement agencies were notified. The venues’ insurance provider and cybersecurity experts recommended that casino officials suspend operations. The property pledged to keep employees on the payroll during the shutdowns.
Officials said Lucky Star’s IT team and external forensic cyber investigators are working closely with federal law enforcement to resolve the situation. They added the insurer will provide credit monitoring services for the next 12 months.
In a letter to customers, Lucky Star officials wrote, ” The security and confidentiality of all data are a top priority for us. We apologize to our customers and partners and emphasize the need to be extra vigilant, particularly regarding suspect communications. As the investigation continues, Lucky Star Casino commits to communicate directly to impacted customers and employees with whom we appreciate their patience as we work through this situation so that operations can resume in the coming days.”
A similar attack took place in Keshena, Wisconsin at the Menominee Casino, which remained closed for nearly two weeks. General Manager Daniel Hansen said the venue experienced “technical difficulties due to an attempted external attack” on computer systems. He said his team was working with law enforcement, cybersecurity and forensic experts to investigate the cyberattack.
Hansen said the gaming floor has reopened but not table games, bingo, gift shop or the hotel. Forest Island Restaurant and Spirit Island Lounge are open with limited menus and taking cash only, Hansen said. “Our team has been and continues to work diligently to provide an entertainment experience that is secure and enjoyable. We are confident in the measures we have taken to reopen and are excited to invite you back to our casino for gaming.”
In Winnebago, Nebraska, Ho-Chunk Inc. IT Director Jerry Beaver said, “We get thousands of attempts on a daily basis. Think of it as an alarm system, but you have to make sure the alarms are on. Hackers are always learning new tricks.” Beaver said Ho-Chunk prepares for ransomware attacks by continually updating backups, firewalls, VPN and setting separate credentials for administrative functions.
According to Cybercrime expert Teresa Rule, ransomware hackers hold the casino’s mainframe hostage, since almost all games are computerized. Rule said that if casinos pay the ransom to get operational again, they feed the system created by the cyberbullies. She advised casino customers to stay cyber-safe by using a prepaid credit card, not their debit or credit cards.
Cybersecurity company Palo Alto Networks said the average ransom paid in 2020 soared by 171 percent to $312,500—up from $115,000 in 2019.
