Kewadin Casinos Ransomware Attackers Write Complaining Letter to Local Newspaper

  • The Sault Tribe’s Kewadin Casinos suffered a cyberattack on February 9
  • Hackers write to the local newspaper to complain they were being ignored
  • Casinos reopening this week, tribe says

Michigan’s Sault Ste. Marie Tribe of Chippewa Indians will begin reopening its Kewadin Casinos following a ransomware attack that halted gaming operations for over two weeks.

Sault Ste. Marie Tribe of Chippewa Indians, Kewadin casinos, hackers, Sault Tribe Guardian, RansomHub,
Finally … the five Kewadin casinos will reopen in stages from Wednesday after the Sault Tribe regained control of their systems from hackers. (Image: Kewadin Casinos)

But not before the attackers themselves wrote to a local newspaper to complain about the lack of a response from the tribe.

The Sault Tribe has battled for over two weeks to regain control of its systems after the February 9 attack. But in an extraordinary letter to The Sault Tribe Guardian last week, the hackers said the tribe’s ordeal would be over if it simply paid up.

“To be clear, we had no intention of harming the Tribe – our motives are purely financial,” the hackers clarified. “This incident could have been resolved within a few days following the attack.”

$5M Ransom ‘Speculative’

It’s unclear whether the tribe ultimately paid a ransom or were able to wrestle back control with the help of cybersecurity experts. But judging by the hacker’s frustration last week, tribal officials weren’t giving them the time of day.

The authors of the letter said they had made “multiple attempts” to contact the Tribal Board of Directors, leaving “voicemails, corporate and personal emails, and internal network messages.”

Despite this, the tribe hadn’t reached out, they added. As such, the $5 million ransom figure reported in the media was “purely speculative, as no negotiations have taken place,” they wrote.

The cybercriminals claimed they had stolen over 100 gigabytes of confidential data, consisting of more than 500K files.

RansomHub Involvement?

While the letter is simply signed “hackers,” DataBreaches.net reported that RansomHub, a global hacker group, has claimed responsibility via a post on the Dark Web.

RansomHub was one of the most active ransomware operators in 2024, with around 500 victims reported. That’s according to the group’s dedicated leak site, which it uses to publish samples of stolen data, as reported by cybersecurity firm Group-IB.

RansomHub uses a so-called “double-extortion model,” which involves extorting victims by encrypting systems and stealing data, then demanding payment.

Normal Service Restored

Kewadin Casinos comprises five gaming venues in Michigan’s Upper Peninsula, with locations in Sault Ste. Marie, St. Ignace, Manistique, Christmas, and Hessel. All were impacted by the attack.

Tribal healthcare and other services were also affected, forcing the tribe to source new temporary phone numbers for services.

In a news release Tuesday, the Sault Tribe said that its casino properties would begin reopening in stages from Wednesday.

“All casino hotels, restaurants, and entertainment will resume their normal business hours when the casino reopens,” read the release. “Phone lines are open and ready to be answered.”

Philip Conneller
Philip Conneller Senior Reporter

In Philip Conneller’s eight years with Casino.org, he has covered the gaming industry from Las Vegas to Macau and everything in between. He currently focuses his coverage on gaming law, white-collar crime, global money laundering, tribal gaming, politics, and regulation.

Philip was the original features editor for poker’s Bluff Magazine and editor for Bluff Europe, which he helped launch. His writing has also been featured in ESPN, Forbes, Time Out, The Sun, and The Daily Star, as well as iGaming Business, eGaming Review, and numerous other industry news and tech websites.

His news stories for Casino.org/news have been linked by The Washington Post, The Daily Mail, People Magazine, and Jimmy Fallon's Tonight Show, among many others.

Philip once won $20,000 with 7-2 off-suit. He has been reprimanded for unwittingly playing Elton John’s piano on two separate occasions on both sides of the Atlantic.

He became a writer because he is a lousy pianist.

Philip lives outside London with his wife and children, where he spends his time agonizing about Arsenal FC.

Contact Philip at philip.conneller@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.