FBI: Ransomware gangs hit several tribal-owned casinos in the last year

Image: Jonathan Petersson

The FBI's Cyber Division said in a private industry notification issued earlier this week that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems.

These attacks are part of a long series of similar incidents targeting tribal entities since 2016, with damages estimated in the millions of dollars in recent months.

Ransomware-hit casinos had to shut down their gaming floors, as well as restaurants, hotels, and gas stations, causing significant revenues losses after being forced into providing limited or no services to customers while working on restoring their systems.

Limited cyber investigative capabilities and law enforcement resources are likely some of the reasons behind ransomware groups' seeing US tribes as desirable targets, according to the FBI.

Ransomware gangs that coordinated attacks against tribal communities include REvil (Sodinokibi), Bitpaymer, Ryuk, Conti, Snatch, and Cuba.

Due to these incidents, tribal entities have dealt with operational disruption, theft of sensitive data, and financial losses.

Ransomware also hit tribes' emergency and healthcare systems

The FBI also said that these ransomware attacks had impacted tribal-owned businesses and public services, including tribal governments, healthcare and emergency service providers, and schools.

The attacks' impact varied depending on the tribal entity affected but, in at least one case, ransomware operators took down a tribe's police department's computer system, the 911 system, and the public health system.

One example is the ransomware attack that hit and took down the network of the Eastern Band of Cherokee Indians (EBCI) in December 2019.

Law enforcement officials later arrested and charged a tribal employee for the cyberattack following an investigation led by the Cherokee Indian Police Department, helped by FBI's Cyber Security Response Team, the North Carolina State Bureau of Investigation, and the US Department of Homeland Security.

Seeing that the frequency of ransomware attacks and ransom demands have slowly but steadily increased over the last couple of years, tribal communities will likely be further impacted since they will have to redirect additional resources and funds to boost their cybersecurity defenses.

To show the scale of the financial losses ransomware targets are facing lately, last month, the US Treasury Department's Financial Crimes Enforcement Network (FinCEN) identified roughly $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments.

The same day, senior officials from over 30 countries said that their governments would crack down on cryptocurrency payment channels used by ransomware gangs to finance their operations.