- Details
- By Chez Oxendine
- Gaming
A ransomware attack that initially targeted the Lower Sioux Indian Community’s Jackpot Junction casino has spread throughout the tribe’s network, forcing the shutdown of some essential services at their pharmacy, health center, and dental facilities.
The tribe reported the attack on Tuesday morning, though according to the Lower Sioux Community Government Facebook page, issues with phones and other equipment began as early as March 27.
The attack has disrupted the tribe’s ability to provide health and government services, as well as operations at their Jackpot Junction casino. According to a statement released by the tribal council, the tribe has sought external assistance in repairing their network services.
“Your help in trying to keep this from becoming more negative than it already is would be appreciated,” the statement reads. “We are working hard to get things back to normal. Any cyber specialists are welcome to help.”
In the interim, the tribe has set up temporary phone numbers for their pharmacy, dental center, health center, and their optical facility.
A report from cybersecurity publication The Record places the blame for the attack by the RansomHub ransomware group.
The same group recently launched a cyberattack on the Sault Ste. Marie Tribe of Chippewa Indians in Michigan, according to prior Tribal Business News reporting.
“Ransomware” refers to software that typically locks down crucial data or otherwise disrupts operations, until the targeted group pays the attacker to unlock or uninstall the ransomware. RansomHub has developed a particular kind of ransomware, called EDRKillShifter, that blinds or otherwise disables security programs on an end user’s system.
The software has launched the group into recent prominence as they’ve distributed it to others for use in non-RansomHub attacks, per a report by cybersecurity firm ESET.
“The decision to implement a killer and offer it to affiliates as part of the ransomware-as-a-service program is rare,” ESET researcher Jakub Souček told The Record.
Tribal casinos have proven a popular target for ransomware attacks. In 2021, attempted attacks occurred almost weekly in the wake of a slow return to business post-COVID lockdowns. Successful attacks hit the Cheyenne and Arapaho Tribes’ Lucky Star Casinos in Oklahoma, the Nez Perce Tribe’s gaming operation in Idaho, and the Cache Creek Casino operated by the Yocha Dehe Wintun Nation in California.
These attacks can inflict significant financial damage through ransom payments or recovery costs, while also compromising customer data and damaging reputations. The Lower Sioux case highlights a concerning scenario where attacks spread beyond the bounds of casino operations to critical tribal services.
“We apologize for the time it’s taken, but we don’t want to share anything that is wrong or speculation to make things worse,” the Lower Sioux Tribal Council wrote in their statement. “We appreciate your patience and support.”
