Jackpot Junction Reopens Following Cyberattack, Offers Free Play

Posted on: April 15, 2025, 10:26h. 

Last updated on: April 15, 2025, 10:48h.

Devin O'Connor @CasinoorgDevinO Read More
Expertise: Asia Pacific Gaming, Commercial Gaming, Legislation, Politics.
  • Jackpot Junction was recently the victim of a cyberattack
  • The tribal casino in Minnesota has resolved the incident
  • Loyalty members are being provided free play

Gaming at Jackpot Junction Casino Hotel is back up and running following a nearly two-week shutdown because of a cyberattack.

Jackpot Junction casino cyberattack
Jackpot Junction’s slots are back on following a cyberattack. Details surrounding the nearly two-week shutdown remain limited. (Image: Jackpot Junction Casino Hotel)

The Minnesota casino owned and operated by the Lower Sioux Indian Community shuttered its more than 1,200 slot machines and bingo games on April 3. Table games weren’t affected but most restaurants also closed.

The resort said at the time a “cybersecurity incident involving authorized access to certain systems” was to blame. Last Friday, the casino turned back on its slot machines and its 250-seat bingo hall reopened.

Welcome back! We missed you!” Jackpot Junction posted on Facebook. “There’s a seat with your name on it — time to spin and win again!”

A sign on the casino floor thanked guests for their patience during the cyberattack.

“As a heartfelt thank you for your patience and support, all Rewards Club members will receive special tiered Free Play to celebrate our return and show our appreciation,” the sign explained. Such free play must be redeemed by April 30.

Cyberattack Details Scarce

Jackpot Junction didn’t provide specifics on how it resolved the cyberattack. There was no word on whether the casino paid a ransom to have its IT networks restored or if customer/employee data was compromised.

Russia-linked RansomHub took credit for the criminal activity. RansomHub is a third-party dark web contractor that performs cyber hit jobs on behalf of customers and affiliates. The cybergang typically charges a 10% commission of the overall ransom received and a flat fee for carrying out the sting.

Lower Sioux Indian officials said they had hired an outside firm to resolve the attack. Along with its casino operation, the cyberassault rendered glitches in the tribe’s healthcare facility and government administration building. The tribe reported communication problems with telephones on March 28.

The tribe says there are about 145 families with a population totaling almost 1,000 who live on the tribe’s more than 1,700-acre sovereign territory in Minnesota’s River Valley.

Jackpot Junction is the Lower Sioux’s only casino. The resort has a hotel with 379 rooms and an 18-hole championship golf course.

RansomHub Tool 

Cybersecurity officials weighing in on the latest US casino to be the victim of a cybercrime say RansomHub has developed a unique malware tool that allows it to infiltrate supposedly secure IT systems.

Cybersecurity experts Jan Holman and Jakub Souček, writing in We Live Security, an online website covering the online security community, say the product is “a special type of malware designed to terminate, blind, or crash the security product installed on a victim’s system, typically by abusing a vulnerable driver.”

That means the infiltration of the Jackpot Junction networks likely wasn’t caused by social engineering, which was behind the historic 2023 attacks on MGM Resorts and Caesars Entertainment. Social engineering involves a cybercriminal manipulating, influencing, or deceiving a victim to gain access or control of a computer system.

In the MGM event, an online criminal is alleged to have posed as an MGM employee who reached out to IT support to have their login credentials reset. Social engineering schemes gained in popularity during the COVID-19 pandemic when many employees worked from home on company-issued laptops.