[BreachExchange] Northern California casino shut down by external computer attack, may be ransomware

Destry Winant destry at riskbasedsecurity.com
Fri Oct 2 10:44:23 EDT 2020


https://www.sacbee.com/news/local/article246132265.html#:~:text=Northern%20California's%20Cache%20Creek%20Casino,the%20incident%20is%20under%20investigation.

Northern California’s Cache Creek Casino Resort, which has been shut
down since Sept. 20 because of what it called a “systems
infrastructure failure,” confirmed Wednesday that its computer systems
were the target of an outside attack and that the incident is under
investigation.

“While our investigation is ongoing, we have confirmed the cause was
an external attack on our computer network,” the Yocha Dehe Wintun
Nation, owners of the casino, said in response to questions from The
Sacramento Bee. “The privacy of our guests and employees is our
highest priority and we want to make certain they have some
peace-of-mind.

“We are working closely with independent experts who regularly
investigate incidents of this type to determine any risks to data
security. Attacks like these are significant and can take weeks to
research thoroughly.

“If it is determined the personal information of guests or employees
was exposed, we will notify affected individuals in writing. To
further reassure our community, we repeat our commitment to continued
full pay and benefits for our employees during this time, whether they
have been asked to report for their regular shifts or not.”

Sources, not at liberty to speak on the matter, told The Bee that the
FBI is looking into whether the incident is a ransomware attack aimed
at holding Cache Creek’s network and information hostage in return for
payment, but a casino spokesman declined to comment further than the
statement.

The casino, located in Brooks about an hour west of Sacramento,
remains closed for now while officials bolster its internal security
measures.

“Cache Creek Casino Resort will remain closed while we fortify our
infrastructure and restore all operations,” the tribe’s statement
said. “Unfortunately, and as reported in the news, these computer
attacks are becoming increasingly frequent, with major banks, a large
healthcare company and a well-known Las Vegas casino becoming recent
targets.

“We will be stronger from this, and we will remain vigilant in
protecting our operation from these network predators. We are
undaunted in our commitment to the security of our organization and
the future of our business.

“While we do not yet have a reopening date, we are making good
progress and expect to announce a reopening date soon.”

In February and March, two Las Vegas casinos reportedly shut down slot
machine operations because of a suspected ransomware attack.

“Four Queens Hotel and Casino and Binion’s Casino in downtown Las
Vegas are open for business but for several days were only able to
trade in cash, while startling videos of rows of crippled slot
machines on empty casino floors swept across Twitter,” Computer
Business Review Online reported at the time.

Ransomware has become a growing problem for various industries as
computer experts hack into information systems, typically networks
connected to the internet, and implant malware that encrypts data and
makes it unavailable until a ransom is paid online.

Norton, the computer security company, says that “the idea behind
ransomware, a form of malicious software, is simple: Lock and encrypt
a victim’s computer or device data, then demand a ransom to restore
access.”

“In many cases, the victim must pay the cybercriminal within a set
amount of time or risk losing access forever,” Norton says on its
company website. “And since malware attacks are often deployed by
cyberthieves, paying the ransom doesn’t ensure access will be
restored.

“Ransomware holds your personal files hostage, keeping you from your
documents, photos, and financial information. Those files are still on
your computer, but the malware has encrypted your device, making the
data stored on your computer or mobile device inaccessible.”

