Native Tribal Casinos Taking Millions in Ransomware Losses

An FBI notification is warning of an uptick in attacks against tribal casinos.

Ransomware groups have made millions off attacks on native tribal casinos in the U.S., just over the past few months.

A notification issued by the Federal Bureau of Investigation (FBI) cybercrime unit, according to a new report from Bleeping Computer, said that ransomware attacks on tribal casinos date back to 2016 — but a recent uptick has raised the alarm.

The alert reportedly identified notorious ransomware groups, including Bitpaymer, Conti, Cuba, REvil, Ryuk and Snatch, which have launched successful attacks on casinos, shutting down operations and stealing data.

Infosec Insiders Newsletter

The FBI also said in the notification that the groups targeted tribes with the assumption they lack extensive cybersecurity infrastructure and enforcement reach.

Tribal Casino Breaches

Several incidents have become pubic. For instance, six Lucky Star tribal casinos belonging to the Cheyenne and Arapaho tribes were shut down by ransomware last July, and in May the Seminole Nation’s casino in Oklahoma was also breached, according to the Tribal Business News.

In 2020 two Nez Perce Tribe casinos in Idaho were shut down by attacks, along with the Clearwater River Casino & Lodge in Lewiston and the Ye-Ye Casino in Kamaiah, the Tribal Business News also reported.

This new notification from the FBI seems to acknowledge authorities expect more of these ransomware attacks on tribal casinos to come.

Tribal Cybersecurity Funding

Legislative efforts have been made to get funding to native tribes to secure their networks as a matter of national security, including last summer’s introduced State and Local Cybersecurity Improvement Act and provisions included in the hotly debated bipartisan infrastructure bill languishing in Congress which proposes a $500 billion investment in municipalities and tribal communities.

The need is more dire than ever. The first six months of 2021 saw a 151 percent increase in ransomware attacks overall vs. the previous year, with Ryuk leading the surge.

A survey of 300 IT decision makers by ThycoticCentrify found 64 percent of respondents had been victims of a ransomware attack, and 83 percent of those reported paying the ransomware groups to restore operations. On the encouraging side, 93 percent said they plan to spend more money to protect their organizations from ransomware.

Following last summer’s attack on the chain of Arapahoe and Cherokee casinos, Tribal Governor Reggie Wassana was unequivocal about the tribes’ plans to pay their ransomware attackers.

“Let me be clear: this was a terrorist attack, and we did not negotiate nor surrender,” Wassana wrote in a June 22 statement to the Tribal Business News. “These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes.”

Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, “Password Reset: Claiming Control of Credentials to Stop Attacks,” on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops.

Register NOW for the LIVE event and submit questions ahead of time to Threatpost’s Becky Bracken at

Suggested articles