All five casinos closed earlier this month when the tribe – the largest in Michigan – became aware of the cyber incident. The tribe shut down the systems for its Kewadin Casinos on 9 February.
Working with law enforcement, legal and cyber security experts, the tribe is now starting to reopen the casinos. It has also improved its IT systems to help prevent future attacks.
Kewadin Casino Sault Ste Marie reopened yesterday (26 February) at 12pm local time. The St. Ignace casino will also begin welcoming customers again from tomorrow (28 February).
The other three casinos in Manistique, Christmas and Hessel are due to reopen on 3 March from 12pm.
“Some tribal organizations were impacted more severely than others and are still recovering, but we’re fortunate to be able to reopen Kewadin’s doors and continue serving as a prime entertainment destination for the eastern U.P.,” Sault Tribe chairman Austin Lowes said.
“To guests who were unable to visit us during this time, I’m very sorry for the inconvenience this has caused. Our team worked with outside cybersecurity experts around the clock to make the necessary steps to strengthen and enhance our IT systems.
“We are open and ready for business.”
Hackers Deny $5.0 Million Cyberattack Ransom Claim
While full details of the cyberattack have not been made public, some reports suggested the hackers were demanding $5.0 million (£3.9 million/€4.8 million). However, in a letter to local newspaper, the Sault Tribe Guardian, the hackers denied this claim.
Writing in the letter, the hackers also said it was not their intention to harm the tribe and that their intentions were purely financial. The group had threatened to make certain data public on 19 February if their demands were not met.
“The financial situation of the tribe is sufficient to cover the expenses associated with this cyberattack,” the hackers said. “Moreover, the Sault Tribe holds at least three separate cyber insurance policies, which, under standard industry practice, would usually facilitate communication between affected entities and cybersecurity incident handlers.
“To be clear, we had no intention of harming the tribe. Our motives are purely financial. This incident could have been resolved within a few days following the attack.”
