Casinos in Las Vegas Hit by Suspected Ransomware Attack (Mar 3, 2020)
The Nevada State Game Control Board is currently investigating a ransomware attack affecting two Las Vegas casinos. According to reports, the incident occurred at The Four Queens Hotel and Casino and Binion’s Casino on February 27, 2020, and impacts ATMs, credit card processing, hotel reservations, player loyalty programs, and slot machines within the casinos. Both casinos are owned by TLC Casino Enterprises, Inc., and are both located on Fremont Street in Las Vegas. The casinos are open for business at the time of this writing, but are both continuing to experience technical issues with slot machines on casino floors, website issues, and at times accepting cash only. It is unknown at this time whether a ransom has been paid to the actors behind the attack.
Recommendation: It is crucial for organizations to have cyber security protocols in place, to help prevent an attack. Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.