Casino del Sol in Tucson Fighting Cyber Attack

Posted on: February 28, 2024, 12:32h. 

Last updated on: February 29, 2024, 11:35h.

The Casino del Sol in Tucson, Ariz., said Tuesday that it had restored some semblance of normal operations after a February 21 cyber attack caused a widespread system outage at the property.

The Casino del Sol, above, is one of Arizona’s biggest casino resorts, which may have made it a target for ransomware attackers like Scattered Spider, who are increasingly focusing on “big game” for bigger payoffs. (Image: KGUN9)

The FBI and the Pascua Yaqui Police Department are working together to investigate the attack, which knocked out ATMs, credit card systems, Wi-Fi, TV, phones, and electronic door key systems, the casino’s owner, the Pascua Yaqui Tribe, said in a statement.

Slots Whirring Again

All slot machines are now fully operational, including the slots ticketing system, as are the poker room, gaming tables, and sports book.

As of Tuesday, bingo was closed until further notice and the phone system remained down, while all dining outlets and bars were still accepting cash only. The “Club Sol” casino rewards program is also offline, the Tribe said.

And, while the casino cage is currently cashing in slot tickets and gaming checks, other cash services at the cage are currently unavailable.

“We extend our sincerest apologies for any disruption or concern this incident may have caused to our valued guests,” the casino said. “Your trust and security remain our top priorities.”

No Word on Ransom

While it’s unclear whether the hack was accompanied by a ransom demand, it does bear the hallmarks of a ransomware attack.

Crypto analytics firm Chainalysis recently reported that ransom payments to cybercriminals almost doubled to a record $1.1 billion last year, and that hacking groups are increasingly targeting “big game” — large companies, including casinos — in search of bigger payoffs.

Scattered Spider

In September 2023, a group known as “Scattered Spider” launched devastating ransomware attacks on MGM and Caesars.

It’s believed the group used social engineering techniques to impersonate a high-level MGM employee in a phone call to the company’s helpdesk, a practice known as “spoofing.”

This way, they tricked support staff into resetting the passwords and multifactor authentication (MFA) codes for the individual they were pretending to be, gaining access to the system.

MGM declined to pay the ransom and experienced disruption to its operations that lasted for days, causing an estimated $100 million in damage. Caesars paid Scattered Spider around $15 million to have normal services restored, according to The Wall Street Journal.

Scattered Spider is a moniker coined by the cybersecurity community, not the criminals themselves. The group that attacked MGM and Caesars refers to itself as “Star Fraud.” Its members are part of a loose community of hackers known as “the Com.”