Crown Resorts Downplays Ransomware Attack, Claims Data Uncompromised

Posted on: March 28, 2023, 09:37h. 

Last updated on: March 28, 2023, 09:47h.

Crown Resorts has confirmed being involved in a far-reaching ransomware attack, but the organization is assuring customers that their data and information haven’t been compromised.

The exterior of Crown Melbourne. Crown Resorts, which owns and operates Crown Melbourne, has been targeted by a ransomware group that found a glitch in an online file-sharing network the company uses. (Image: ABC News)

Crown officials announced Monday that the company has been a victim of the Fortra GoAnywhere ransomware attack.

A ransomware group called Clop recently identified a glitch in the GoAnywhere network that cybersecurity experts have since dubbed a “zero-day” vulnerability. The flaw allowed Clop to infiltrate GoAnywhere and illegally seize data.

The ransomware group claims to have stolen data from more than 130 companies. Crown Resorts, the largest casino operator in Australia, says it’s among the compromised, but is trying to calm patron fears about their confidential information wrongly landing in the hands of hackers.

“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority,” a Crown Resorts spokesperson said.

Fortra is a Nebraska-based software firm that specializes in secure file transfer services. GoAnywhere, the company’s flagship product, supposedly allows customers to securely transfer highly sensitive files over the internet.

“We have determined that an unauthorized party accessed the systems via a previously unknown exploit and created unauthorized user accounts,” Fortra confirmed. “We are working directly with customers to assess their individual potential impact, apply mitigations, and restore systems.”

Another Black Eye

Crown Resorts is already doing damage control in relation to its ongoing suitability probes in Victoria, Western Australia, and New South Wales. Recent inquiries in the Australian states have determined that Crown, for many years, failed to properly protect its casinos from being used to launder money and allegedly allowed criminal syndicates to frequent the properties.

Though Crown has managed to retain its coveted gaming concessions in the three states, independent state-appointed monitors are watching closely over the operations at Crown Melbourne, Crown Perth, and Crown Sydney. Those monitors will eventually help determine whether Crown Resorts has satisfied the conditions of its remediation directives to retain those gaming privileges.

Through no fault of its own other than partnering with a tech firm that provided products not fully safe from hackers, Crown Resorts confirming that it’s involved in the GoAnywhere breach is yet another misstep for the beleaguered gaming firm.

Despite Crown saying it’s still investigating the merit of Clop’s claims that it infiltrated Crown’s GoAnywhere transfers, the company said “no customer data has been compromised and our business operations have not been impacted.”

“We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary,” the Crown statement concluded.

Global Firms Compromised

The GoAnywhere attack involves some of the world’s largest companies. Clop victims supposedly include consumer goods giant Procter & Gamble, supermarket chain Kroger, energy conglomerate Shell, Stanford Medicine, and luxury retailer Saks Fifth Avenue.

The Virgin Group, which operates Virgin Hotels Las Vegas, has also been compromised.

Numerous companies, including Crown Resorts, have reported being contacted by Clop with a demand for ransom. While US government security officials tell compromised firms not to negotiate with ransomware groups, many often do in order to retrieve their data and protect their customers.

Blockchain analysis firm Chainalysis reported last month that about $457 million was paid to ransomware attackers last year. That’s down considerably from the $766 million supposedly paid in 2021 and the $765 million in 2020.