Sault Tribe Refuses to Pay Ransomware Attackers as Kewadin Casinos Reopen

  • The Sault Tribe’s five Kewadin casinos are now open after ransomware attack
  • The tribe refused to pay hackers for stolen private data
  • Customers who think they might be affected are urged to take precautions

Michigan’s Sault Ste. Marie Tribe of Chippewa Indians have confirmed they refused to pay a ransom to hackers who attacked their Kewadin casino operations and won’t pay to recover confidential data stolen by the cybercriminals.

Sault Ste. Marie Tribe of Chippewa Indians, Kewadin Casinos, cyberattack, ransomware, Austin Lowes
Sault Tribe Chair Austin Lowes, above, speaking at Lake Superior State University in 2023. Lowes refused to give in to the cyberattackers’ demands, despite the mayhem caused to tribal services. (Image: Lake Superior State University)

The Sault Tribe battled for over two weeks to regain control of its systems after the February 9 attack disrupted gaming operations at its five Upper Peninsula casinos, and other tribal services for over two weeks.

The casinos began reopening in stages last Wednesday, February 26, and all five resumed normal services as of noon on Wednesday, March 5. Despite the mayhem, which included disruption to government offices, health clinics, and other businesses, the tribe refused to give in to the hackers.

‘No Point Paying’

“Leadership worked with law enforcement groups, external cyberexperts, and others to evaluate whether or not to pay that ransom,” the tribe’s chairman Austin Lowes explained on Facebook. “After much deliberation, we have determined there is no point in paying their ransom demand.”

Lowes said his IT team worked closely with external cybersecurity experts to combat the threat. The tribe was eventually able to regain control of the systems and recover almost all of its data.

“There was no guarantee we would have received what was promised. We could have paid their ransom and still had our data shared on the dark web,” Lowes added.

You Don’t Write, You Don’t Call

In a bizarre twist, at the height of the crisis, the hackers wrote a letter to the local tribal newspaper, The Sault Tribe Guardian, to complain about the lack of response from tribal leadership.

The criminals claimed to have stolen 100 gigabytes of confidential data but had received no communication, despite sending “detailed instructions via phone voicemails, corporate and personal emails, and internal network messages.”

The hackers added that “the financial situation of the tribe is sufficient to cover the expenses associated with this cyberattack.”

“To be clear, we had no intention of harming the Tribe – our motives are purely financial,” they explained.

What is RansomHub?

DataBreaches.net reported that RansomHub, a global hacker group, has claimed responsibility via a post on the Dark Web. The group was one of the most active ransomware operators in 2024, with around 500 victims reported.

RansomHub uses the so-called “double-extortion model,” which involves extorting victims by encrypting systems and stealing data, then demanding payment.

We’ve begun the process of reviewing that stolen information so we can reach out to those who have been impacted and provide free credit monitoring services,” Lowes said. “This review will take time, though, since our team must manually review hundreds of thousands of documents to determine what information may have been stolen and who that information belongs to.”

In the meantime, he urged those who believe they might be affected to take steps to protect themselves by asking their credit card providers to monitor for suspicious behavior, changing their passwords, and contacting credit reporting agencies to inform them of the attack.

Philip Conneller
Philip Conneller Senior Reporter

In Philip Conneller’s eight years with Casino.org, he has covered the gaming industry from Las Vegas to Macau and everything in between. He currently focuses his coverage on gaming law, white-collar crime, global money laundering, tribal gaming, politics, and regulation.

Philip was the original features editor for poker’s Bluff Magazine and editor for Bluff Europe, which he helped launch. His writing has also been featured in ESPN, Forbes, Time Out, The Sun, and The Daily Star, as well as iGaming Business, eGaming Review, and numerous other industry news and tech websites.

His news stories for Casino.org/news have been linked by The Washington Post, The Daily Mail, People Magazine, and Jimmy Fallon's Tonight Show, among many others.

Philip once won $20,000 with 7-2 off-suit. He has been reprimanded for unwittingly playing Elton John’s piano on two separate occasions on both sides of the Atlantic.

He became a writer because he is a lousy pianist.

Philip lives outside London with his wife and children, where he spends his time agonizing about Arsenal FC.

Contact Philip at philip.conneller@casino.org.

Comments icon

Conversation (1 comment)

+ Add a comment
  • N
    NoName March 6, 2025
    Not paying the ransom is the best choice. Entities, organizations, and businesses that do pay a ransom are funding these hacking groups to continue with… Not paying the ransom is the best choice. Entities, organizations, and businesses that do pay a ransom are funding these hacking groups to continue with their ill intentions. .
    Reply

Write a comment

Your email address will not be published.