Kewadin Casinos Ransomware Attackers Write Complaining Letter to Local Newspaper
Posted on: February 25, 2025, 11:27h.
Last updated on: February 25, 2025, 12:10h.
- The Sault Tribe’s Kewadin Casinos suffered a cyberattack on February 9
- Hackers write to the local newspaper to complain they were being ignored
- Casinos reopening this week, tribe says
Michigan’s Sault Ste. Marie Tribe of Chippewa Indians will begin reopening its Kewadin Casinos following a ransomware attack that halted gaming operations for over two weeks.
But not before the attackers themselves wrote to a local newspaper to complain about the lack of a response from the tribe.
The Sault Tribe has battled for over two weeks to regain control of its systems after the February 9 attack. But in an extraordinary letter to The Sault Tribe Guardian last week, the hackers said the tribe’s ordeal would be over if it simply paid up.
“To be clear, we had no intention of harming the Tribe – our motives are purely financial,” the hackers clarified. “This incident could have been resolved within a few days following the attack.”
$5M Ransom ‘Speculative’
It’s unclear whether the tribe ultimately paid a ransom or were able to wrestle back control with the help of cybersecurity experts. But judging by the hacker’s frustration last week, tribal officials weren’t giving them the time of day.
The authors of the letter said they had made “multiple attempts” to contact the Tribal Board of Directors, leaving “voicemails, corporate and personal emails, and internal network messages.”
Despite this, the tribe hadn’t reached out, they added. As such, the $5 million ransom figure reported in the media was “purely speculative, as no negotiations have taken place,” they wrote.
The cybercriminals claimed they had stolen over 100 gigabytes of confidential data, consisting of more than 500K files.
RansomHub Involvement?
While the letter is simply signed “hackers,” DataBreaches.net reported that RansomHub, a global hacker group, has claimed responsibility via a post on the Dark Web.
RansomHub was one of the most active ransomware operators in 2024, with around 500 victims reported. That’s according to the group’s dedicated leak site, which it uses to publish samples of stolen data, as reported by cybersecurity firm Group-IB.
RansomHub uses a so-called “double-extortion model,” which involves extorting victims by encrypting systems and stealing data, then demanding payment.
Normal Service Restored
Kewadin Casinos comprises five gaming venues in Michigan’s Upper Peninsula, with locations in Sault Ste. Marie, St. Ignace, Manistique, Christmas, and Hessel. All were impacted by the attack.
Tribal healthcare and other services were also affected, forcing the tribe to source new temporary phone numbers for services.
In a news release Tuesday, the Sault Tribe said that its casino properties would begin reopening in stages from Wednesday.
“All casino hotels, restaurants, and entertainment will resume their normal business hours when the casino reopens,” read the release. “Phone lines are open and ready to be answered.”
No comments yet